I'm not a technologist but I have been watching and writing about cloud computing for years, back even when its adoption was expected to happen much more quickly. I have heard the argument against the cloud that data was not secure for years. I understand it's a valid point, but I have always thought and still think that any system with weak security (whether in-house, local, hybrid or purely cloud-based) is going to be vulnerable to data leaks or intrusion if proper security is not in place. If proper security is implemented on a cloud-based system, the data on it also should remain secure. Sure, security meansures may need to be more sophisticated, but as the cloud has evolved so has security technology. Anyway, that's just my two cents!
Elizabeth, the security problems with the cloud are a big concern for many businesses. I have run into small and medium businesses that will not go cloud becuase of the concerns. A majority of these firms are not in the cloud, so it is potentially a growth area.
One issue for users of cloud computing is that there may not be a way to know you have been hacked. If you are using cloud at the level or IaaS you are responsible for just about everything. If you are using SaaS, you are dependent on the service vendor. Many of these do not have a track record, or the deep pockets to make things right if there is a problem. Right now it is a problem.
Encryption can be broken, firewalls breeched, even secrets printed. There really is no perfect solution. If governments can be "hacked," nothing is safe. I think the worst part is losing the data when servers/harddrives crash. The cloud needs more work.
Putting all your data eggs in the basket of any cloud service is asking for a bad day.
I agree, Cabe. Virtually every expert says there is no perfect solution. Security experts say that all operating systems can be compromised, even those used in tanks, bombers and planes. However unlikely, it can happen.
The security issues are definitely real and yes, depending SOLELY on the cloud is probably a bad idea. But there are a lot of ways to back things up. And who hasn't had things stolen off a local system without a back-up plan and suffered the consequences? I stick by my point that security has always been and will always be a great concern, but don't punish the cloud solely based on this issue. The more sophisticated attacks get just means that security researchers also have to step up their game. Surely the bad guys aren't always smarter. :)
The issues presented are not legal questions. They are security questions raised by the legal profession. An example of a legal question would be if the government could confiscate equipment from or shut down a cloud service for an investigation into one of the customer's activities just like they can confiscate computers from an individual for an investigation.
As far as security goes, any security can be broken by someone with enough time and enough money. A cloud service with many customers gives a would-be criminal a single focus for their time and money with considerable potential reward.
As the author's comment touched on ... security can be breached in many ways. Physical security at most cloud facilities is actually qute good (but you are still trusting someone else to handle it for you). How the facility is administered is another question ... where it can be better to stay with the big names so that the deep pockets are there if your security is breached. Other than that, there is the idea that different platforms, OSs, et al are more secure and reliable than others ... and some platforms are more of a favorite target for hackers. I believe good cloud security is something you almost cannot trumpet from the mountain tops (if you truly believe you have it) as it could be a call to arms for the hackers. I definitely think private cloud software might be a good alternative (or first step) for someone concerned about security (and anyone not concerned with security must be in quite a unique niche).
"The problem with implementing cloud defense tactics is that the services are still in their infancy, which means security measures are basic at best."
We have another opinion than this author has. ICR3ATE is developing and soon delivering a "secure webtop for 3D Co-design & Co-creation, with safe Cloud power".
What we have accomplished regarding security, both from a IT and a Business/IP perspective, cann't IMHO not be classified as "basic at best".
I woud be happy referring to our Web-site (http://www.icr3ate.com), read the technologies & best practices we apply. Then please take notion about the just today spread news about Googles initiative to make war against passwords by implementing Yubikeys.
We use these Yubikeys for almost 2 years right now. Study these things and judge once again.
I'm sure that you'll notice that that easy statement about "basic at best" cann't be taken seriously. Please come in contact with me and we will show you that it's just the other way around: thanks to the cloud and keeping data there, we can tighten security using non military tech and with a fraction of the costs invloved with that.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.