I'm not a technologist but I have been watching and writing about cloud computing for years, back even when its adoption was expected to happen much more quickly. I have heard the argument against the cloud that data was not secure for years. I understand it's a valid point, but I have always thought and still think that any system with weak security (whether in-house, local, hybrid or purely cloud-based) is going to be vulnerable to data leaks or intrusion if proper security is not in place. If proper security is implemented on a cloud-based system, the data on it also should remain secure. Sure, security meansures may need to be more sophisticated, but as the cloud has evolved so has security technology. Anyway, that's just my two cents!
Elizabeth, the security problems with the cloud are a big concern for many businesses. I have run into small and medium businesses that will not go cloud becuase of the concerns. A majority of these firms are not in the cloud, so it is potentially a growth area.
One issue for users of cloud computing is that there may not be a way to know you have been hacked. If you are using cloud at the level or IaaS you are responsible for just about everything. If you are using SaaS, you are dependent on the service vendor. Many of these do not have a track record, or the deep pockets to make things right if there is a problem. Right now it is a problem.
Encryption can be broken, firewalls breeched, even secrets printed. There really is no perfect solution. If governments can be "hacked," nothing is safe. I think the worst part is losing the data when servers/harddrives crash. The cloud needs more work.
Putting all your data eggs in the basket of any cloud service is asking for a bad day.
I agree, Cabe. Virtually every expert says there is no perfect solution. Security experts say that all operating systems can be compromised, even those used in tanks, bombers and planes. However unlikely, it can happen.
The security issues are definitely real and yes, depending SOLELY on the cloud is probably a bad idea. But there are a lot of ways to back things up. And who hasn't had things stolen off a local system without a back-up plan and suffered the consequences? I stick by my point that security has always been and will always be a great concern, but don't punish the cloud solely based on this issue. The more sophisticated attacks get just means that security researchers also have to step up their game. Surely the bad guys aren't always smarter. :)
The issues presented are not legal questions. They are security questions raised by the legal profession. An example of a legal question would be if the government could confiscate equipment from or shut down a cloud service for an investigation into one of the customer's activities just like they can confiscate computers from an individual for an investigation.
As far as security goes, any security can be broken by someone with enough time and enough money. A cloud service with many customers gives a would-be criminal a single focus for their time and money with considerable potential reward.
Hate to say it, but any electromagnetic field would have adverse effects on 5 ¼" floppies. Home backups with standard magnetic disc harddrives suffer from a similar problem. So, perhaps hackers are the least of our concerns.
As the author's comment touched on ... security can be breached in many ways. Physical security at most cloud facilities is actually qute good (but you are still trusting someone else to handle it for you). How the facility is administered is another question ... where it can be better to stay with the big names so that the deep pockets are there if your security is breached. Other than that, there is the idea that different platforms, OSs, et al are more secure and reliable than others ... and some platforms are more of a favorite target for hackers. I believe good cloud security is something you almost cannot trumpet from the mountain tops (if you truly believe you have it) as it could be a call to arms for the hackers. I definitely think private cloud software might be a good alternative (or first step) for someone concerned about security (and anyone not concerned with security must be in quite a unique niche).
"The problem with implementing cloud defense tactics is that the services are still in their infancy, which means security measures are basic at best."
We have another opinion than this author has. ICR3ATE is developing and soon delivering a "secure webtop for 3D Co-design & Co-creation, with safe Cloud power".
What we have accomplished regarding security, both from a IT and a Business/IP perspective, cann't IMHO not be classified as "basic at best".
I woud be happy referring to our Web-site (http://www.icr3ate.com), read the technologies & best practices we apply. Then please take notion about the just today spread news about Googles initiative to make war against passwords by implementing Yubikeys.
We use these Yubikeys for almost 2 years right now. Study these things and judge once again.
I'm sure that you'll notice that that easy statement about "basic at best" cann't be taken seriously. Please come in contact with me and we will show you that it's just the other way around: thanks to the cloud and keeping data there, we can tighten security using non military tech and with a fraction of the costs invloved with that.
What company CEO or other dedicated member would ever say that their product was the very best and absolutely exactly what you need. That includes the assertion that it's security methods are by far better than anything anone else has ever thought of. REally, who, in the upper management would ever admit to any fault of their product? They would be on the street the vaery next day.
Sure I know it's a vendor sponsored thing. Nevertheless it might be interesting to konw tha colloboration process will neven be effective without the Cloud. So the main topic is still of my interest, what are the legal questions and how to deal with that. We have a clear vision on that and a solution which effectively support "interactively design in your own safe Cloud".
When a service provider asserts that the medium provided is indeed secure and the data storred will be neither lost nor copied, the ability to provide the services paid for winds up being a rather legal question. At least that is my perception.
Storing files and programs on an accessable server is certainly another way to make the information and resources available for collaborators, so there is at least one alternative. I have used FTP (file transfer protocol) sites as another method of sharing files with those in other parts of the world. That also works, although there could be some security concerns. Those files were secured by both passwords and being stored alongside hundreds of other files that looked quite similar, but which held no value. That was a very cheap trick to confusw any spying individuals.
There is one thing that really makes me second guess motive for "Cloud" computing.
Data-storage is very inexpensive so why would you want to store your personal or sensitive information on someone else's computer/ Database?
A thumb drive can hold up to a Terra-bit of information, and many hard-drives 500gb - 1TB can be purchased for under $200; now that's storage, and cheap storage, having two drives to back stuff up is obtainable because of the inexpensive equipment.
Not only would you protect your personal data but you can store tones of data without paying a monthly fee, risking exposure, or worse.
Also, if you have a "Top Level Domain Name" and you pay for hosting with "Hostgator", you receive unlimited space for about $4.50 a month and everything is backed up.
I really don't see the point to cloud, if it's your data, keep it that way.
Cabe, From a practical point of view, I don't worry about putting information into the cloud. But when it comes to financial records, even though I think it is very unlikely someone will hack into the file, I'm not ready to do it. Cloud back-ups are awesome, transparent and dirt-cheap. But for a business, there are another set of issues to contend with.
There are three assumptions in this thread that aren't valid:
- That you can trust cloud vendors. The fact is that any company can be infiltrated and it only takes one bad apple to ruin the barrel. There are already stories circulating about companies losing their data because a cloud backup system silently stopped working. It SAID it was backing things up, but when the need to restore a file came the data wasn't available. It doesn't matter if this was a software bug, an infiltrator, a hack, or a choice by the cloud vendor. The data was gone and deep pockets won't make it right. It is true that you can always be hit from the inside, no system is perfect. However, you are taking a cloud vendor at their word for a lot that you can't verify. That includes that they are encrypting your data! You can usually verify things that you control.
- That your data can't be stolen without you knowing it. Suppose you have a trade secret that is vital to your business. Then suppose someone picks it off a cloud server and uses it, thereby destroying your critical advantage. You may not even know how or even if the data breach occurred, you only know you are losing business.
- That a cloud based system can be made as secure as your local system. Fact: a network that is not connected to the internet cannot be hacked from the outside. A cloud system inherently does not have that protection.
- That cloud vendors won't attract "special attention" by hackers. The fact is a centralized repository is inherently more vulnerable than a distributed one. If 50 companies have their data on one server, breaking into that server will yeild 50 times the results that hitting just one of those companies will yeild.
I would never put personal information on the cloud; i.e. financial documents, contracts, personal legal documents, etc due to issues with security. One company I consult for has been "hacked" twice with a significant number of documents corrupted, stolen, etc. This company has the range of protection warranted and necessary when running a company. I, like most others commenting, feel cloud computing is possibly the wave of the future but now in it's infancy--possibly getting better, but not really there to the point of being completely safe.
I recently bought 100GB from "Dropbox." The ease of accessing files is fantastic. I feel safe, since the data is not only stored in the cloud, but also synced across several computers. There is around 7 instances of the data right now.
Only down side, if any of those terminals make changes, it happens everywhere. That would include deletion.
As for security, I encrypted the entire archive with a 64 character string. That should be good enough, yes?
I had to post in order to mention the announcement of Microsoft's cloud computing with the release of Office 365. If it catches on maybe Netflix will no longer be the biggest contributer to Internet traffic.
Have to handle data storage, I feel, is something a lot of people don't want to deal with themselves. Some people I know like how their iPhone just stores all their data somewhere else. They don't know why or how it works, but just happens. I think that mentality will trickle into every facet of life. Even though Linux is arguably an excellent OS, people still go with the ease of Windows and OSX. The same will go for digital storage. Then cloud based graphics processing, see the Nvidia Grid. Then OS and everything else.
We will all just have terminals, I suspect. Easier way to control IP too.
Using wireless chips and accessories, engineers can now extract data from the unlikeliest of places -- pumps, motors, bridges, conveyors, refineries, cooling towers, parking garages, down-hole drills and just about anything else that can benefit from monitoring.
With strong marketplace demand for qualified engineers across the board that currently outstrips the available supply, there may never be a better time for engineers and project managers to advance their careers and salaries. Whether those moves are successful in the short-term and long-term is likely to depend on how the transition from one job to the next is handled.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.