Poll: Should you really trust the cloud with your valuable data?

Cloud computing is the latest, hottest thing right now, but should you really trust Microsoft, Google, Amazon, or anyone else with your valuable data?

OK, I am declaring it right here, right now: 2011 is the Year of the Cloud. This buzzword "cloud" is wielded by just about any company that sells a server or an operating system these days. But what exactly are they talking about? What does "cloud" mean and should you trust companies like Microsoft, Google, Hewlett-Packard, Amazon, et al. when they say they can save you money and keep your data safe?

I am no Luddite when it comes to technology. If something comes along that makes sense and makes my life easier, I will adopt it as soon as it is practical. However, the people selling cloud computing and other web-based services have yet to convince me that the merits of their products and services outweigh the liabilities.

I understand the potential of these services and I am willing to entertain the idea, but there are so many questions unanswered or, worse, glossed over. Just in the past month or so we've seen examples of security breakdowns and outages that were very costly for companies that had placed their critical functions in the cloud. (Google, Amazon)

Earlier this week, Deb Shinder discussed Microsoft Azure, which is the company's "cloud services" platform. The striking thing about the post, and the discussion that followed it, was the confounding way Microsoft has presented the product. Much of the discussion reflected confusion, uncertainty, and mistrust about security, uptime, and benefits. And these are IT professionals expressing those concerns.

Is it any wonder that a survey by The Small Business Authority shows that 71% of small business owners had never heard of cloud computing? For those of us in information technology, that number may seem staggering since we have been talking about the general concept for years, but it shows that the companies selling cloud services have not been communicating effectively.

All this uncertainty needs to be addressed before we get the mass adoption of cloud computing services that many are predicting. And the first uncertainty that needs to be addressed is trust. So I am asking TechRepublic members, do you trust cloud computing services? Do you trust that your data is safe in these systems? And, as an IT professional, can you (should you) convince decision makers to also trust these services?

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

57 comments
will_smith

If you are using it for a backup solution to your localized domain, then I think it's a great choice for a DR plan.

N4G

Why in the hell would you trust a company that would easily sell your info to the government? Google has on several occasions gone out of their way to shut down multiple websites that they did not agree with. Haven't you guys heard the phrase Absolute Power Corrupts Absolutely? If you trust Google with your information you will be let down very soon.

dshadrak

Control is important - cloud computing involves hosting, which involves fees - no one wants to risk business interruption caused by a billing dispute with a vendor. They also don't like the idea of many people unable to work, because their Internet connection went down. We have employees across 9 states, and we do most of our work through hosted connections - but it's OUR hardware, OUR software, and we have critical systems duplexed to be 100% available. We're not crippled if one or two vendors have a bad day. We've always been a "BUY, DON'T RENT" kind of company, I guess - we don't see a lot of value in renting our software and storage.

sysop-dr

I would never recommend that the company I work for ever store any data in "the cloud". And our data is now stored there. But other companies I would, and here's why, they already do. It comes down to what you call cloud. I have data in the cloud because I have to be able to get to MSDN so I need a Hotmail account. Hotmail is by definition cloud. A place outside of your company that stores data in an internet server. Now not a heck of a lot of data there but some. And we all use Google and to make life somewhat easier I use iGoogle. Again, cloud but again not a lot of data. But if your employees are using say Hotmail and gmail and they send stuff home to read or whatever, guess what your data is in the cloud. Blackberries? Your email, chat, their social stuff, cloud. You use cell phones right? Can you see your bill on-line? Cloud. So maybe you don't put your most sensitive data but whether you want it out there or not a lot of your data, personal and corporate, is already in the cloud. And there are companies who do all kinds of stuff on-line, like using Facebook for work and online virtual worlds for meetings and meeting customers. I hope they know what they are doing. With the spate of acknowledgements of attacks of all kinds of companies lately, Sony, energy sector, defense contractors, etc. if we have learned anything it's that there are some very determined people out there trying to steal corporate data. And that a lot of companies apparently have no clue how to properly secure their data. I mean, SQL-injection attacks working in this day and age?
So if the cloud companies like MS and Google have any idea at all about security it is likely better than most companies keeping the data themselves, but that really expands your perimeter and now you have to worry about rogue employees in both your company and theirs, but if your data is little more than a list of your clients and you have no budget for a full blown IT department with security experts you are probably better off in the cloud. If you deal with secrets, your own or otherwise, and if you keep data on your clients more than who they are and what they bought, especially credit or personal data, then you have legal requirements that demand you keep those secret and just storing it in the cloud may push the boundary of if you are on the right side of the law so cloud is not an option for that data, encrypted or not. So there you go, make your own decision but remember these two things, you are already using the cloud, there is no way you can't be and no matter how hard you make it, if your data is on a system that is on a network that is connected eventually to the internet, even by multiple layers of buffering networks, it can be gotten to by a determined attacker. If you think you have it covered, there will be something, somewhere that will be found that will make it accessible. So don't stop trying to make your defenses better and keep those intrusion detection tools (and everything else) up to date.

MarkGyver

My computer's running a Linux distro, updated daily, and backed up weekly. Also, I'm paranoid about what programs I install. I think my computer is within the top 5% best-secured personal, end-user-maintained systems. However, it would be trivial for anyone with a basic Linux live USB drive to access any of my files, because I didn't enable encryption for /home during installation (old system, too much overhead, etc). Additionally, anyone who breaks into my house could fairly easily steal the external hard drive I keep the backups on. I have no illusion of my computer having security against physical attacks. Google on the other hand has fenced off facilities, complete with checkpoints and guards watching 24/7. Add in the specialized badges and biometric scans required for opening the doors, and its physical security is clearly several orders of magnitude better than mine. Sure, they're prone to government agents "requesting" my data they host, but such agents can already easily violate my Fourth Amendment rights to equal effect by sneaking into my home or "investigating" whatever electronic devices I happen to fly with. Google has a lot of information on me, but they have proven to be no worse than the people and institutions I already have to trust. Here's a list of such info and how it's already less secure than Google.

* Credit card and other financial info (via Google Checkout and emails from my bank): Several physical merchants already have it. Also, my card number, PIN, and 14-character-maximum online banking password would take several orders of magnitude less time to crack via brute force than my Google account's password. Finally, all the financing is done with a fiat currency controlled by a corrupt government, so it's all pretty precarious even if I keep it in a suitcase handcuffed to my wrist.
* Name, address, and telephone number: Normal social engineering attacks could probably get this out of me with only a few hours of in-person effort over a couple weeks.
* Browsing data (Chrome Sync): Pretty much everything in my browsing history and bookmarks would be safe for me to share with the world. Saved passwords are all for sites I could handle losing access to and it's already too easy to have passwords reset via email.
* Personal conversations (Gmail): If you pry deeply enough and use social engineering against enough of my friends, I'm sure you can get much more embarrassing stuff. As for incrimination, the legal system is intentionally such a mess that the corrupt government here could easily imprison anyone indefinitely with near-arbitrary reason.

There are people that secure their data enough that sharing it with Google would add significant risk, but such people are an unfortunately small minority. As for me, even though Google is far from trustworthy, I still consider it far more worthy of my trust than most everything else I'm already forced to trust.

JTONLY

"Three can keep a secret if two are dead." still applies.

jpb21k

One of the key themes here is security. We would all like to think that we keep our data so much safer than the folks at Microsoft, Google or other cloud providers. But is this really true? Have we all had our and our clients' networks independently tested for security? Do we perform constant monitoring of our network environment? If in the medical fields, do we take the time to ensure that all covered entities have met the required security protocols? If not, how do we really know that the onsite security offered by our services is that much better? Or are we satisfied with the answer "At least it is my responsibility"? No accusations or assumptions one way or the other, but some food for thought. Also, we have been using some form of cloud based services with very sensitive personal information for quite some time. ktucker makes good points about this.

ktucker

There should be no doubt in the minds of IT professionals and company owners that cloud computing should not be used in critical situations. To keep it simple and I am sure that is not necessary for this segment of readers but let's do so any way. This is the internet we are talking about folks. As mentioned in the article ... Google, Amazon, the Internet as a whole (compromised by China a few months ago as a test and proof of vulnerability) and our own US government which receives over 1000 hack attempts a day according to a governmental security specialist are all at risk. It has been admitted that the US government has lost important data relating to national security through internet based hacking infiltrations. Now if the US government, who sends their equipment which is sent from overseas, to another company to inspect it for malware and other devices can be hacked ... Isn't it likely that Amazon, Google (could be the government ... hhhmmm) could be hacked. Let's put it on a more personal level. What about Capital One, CitiBank, Wells Fargo, Smith Barney and because I have worked in medical for so many years ... Advanced MD, GE, Siemens, Eclinical and let's not forget all of your VOIP providers in Vonage, Voice Pulse, Digium, Avaya etc. All of these companies have or easily can be hacked and we trust them with our socials, driver's license information, family history, credit card numbers etc. Most of these companies offer cloud-based computing along with standard in-house designs to their customers. Some only offer cloud-based computing. How easy is it for a novice hacker to crack an encrypted wireless network? It can be fairly easy at times. I've done it. With a bit more knowledge would you not think it would be possible to infiltrate a cloud-based service with the proper research? Some of it is simple social engineering very similar to the style used by Kevin Mitnick years ago. Let's face it ... nothing is safe once it is available via the web. 
We can put a big door with 10 or 20 locks on it but it can still be broken into. It may take longer but if the reward behind the door is worth it to someone then time doesn't matter. Think about the worm that destroyed nuclear cylinders in Iran. It was supposedly a release by Israel and the US to do this. Warfare has now been set forth by use of the internet. Yeah ... I think our business information is pretty safe in cloud computing. I don't think so! If on a scale of 1 to 10 with 10 being the highest ... if your data rates at a 3 or above ... don't store it using cloud computing in my opinion. But that is just an opinion with some crucial recent historical information to consider.

RG Bargy

Cloud computing sounds great but at the end of the day some of us (I'm in the Legal Services field) have obligations of confidentiality which we have to observe. I don't see big banks putting their data into the Cloud and until our regulators are satisfied that the Cloud is a safe repository we won't be using it anyway. Even then one needs to be very careful about this. It's seriously bad enough that gamers' details got hacked - imagine what would happen if that was your personal private information given to your lawyer. Back in the days of paper we had a law firm which folded, they left their files to office clearers and they left the files to blow around the street... Not ideal. Cloud computing strikes me as the equivalent of an open skip in the street.

ironwolf

...is NOT safe and I don't think it ever will be. The cloud is stated to be the 'hottest' technology right now and that's just because it saves big business BIG money in LOCAL IT costs. Big business wants big money and they will cut anyone's throat just to get a bigger bottom line... and of course it looks "cool" to be in the cloud in the business world. The consumer part of the cloud adoption is just a trickle-down effect of the big business pushing and pushing it down our throats. The cloud IS cheap, very handy, and easy to set up but is NOT secure and I truly don't think it ever will be.

realvarezm

In my own experience, I know new technologies are always hard to handle and require polishing and improvement of little details. Eventually the company that I work for and its clients will use this service, but right now I think it's in the final stages of the beta tests that all new products have to endure. It is the next step in the evolution of the IT environment but like I said before it has to evolve a little more.

xandian

I don't believe in the CLOUD. #1 - The Cloud just has a big bulls-eye target on it. If it gets hacked everyone is hacked all in one place. #2 - If your internet connection/service is down, your information is not accessible. #3 - Your records, just like the cell-phone records can be accessed too easily by authorities from the Cloud Company ( not that I necessarily have anything to hide).

gep2

The real issue here isn't (mostly) the privacy of your information. The GOOD part of "cloud computing" (at least if the cloud provider in fact does proper backups and protection against hardware failures) is that your data is backed up offsite (and hopefully at MULTIPLE sites so a tornado taking out a cloud data center won't result in your data being lost). The bigger issue is simply that if all your company's computing and operating capabilities are offsite in the cloud, all it takes is for your Internet connection to go down for your company to be literally dead in the water... and to stay that way until it comes back up, which is something that you probably have little or no control over whatsoever. It's one thing to have an inhouse server fail... at that point, you can have your own DP staff (or contracted consulting folks) get it back up ASAP, and in both cases they are ABSOLUTELY MOTIVATED to get you back up PRONTO! If your services are hosted from some huge operation like Google/Amazon/Microsoft/whatever, or your Internet access is through some company like AT&T or TimeWarner or Verizon, when they have a failure, you're just one of the hoi polloi (probably thousands of customers) whose service is down, and they'll get to you when they get to you. Meanwhile, if you're fully "in the cloud", your company may well not be able to take or ship orders, receive deliveries, pay vendors, process incoming payments, or indeed much of anything else... not even type letters and mail important business correspondence!!! How many days could most companies keep going with all their employees sitting on their thumbs like that? Do you just close the doors and send all your employees home until your Internet connection comes back up, or what? And how many days might that take? 
Or if the President sitting in the White House hits the "Internet kill switch" for whatever reason, are you REALLY willing to have your company simply cease operating for the duration (and do you think he really cares about YOUR company's issues at that point)? Consider the recent outages that Sony has suffered on their online gaming "cloud services"... with so many games now interactive and online, their customers have had their expensive gaming platforms turned into useless high-tech paperweights, for days or weeks. It could have been just as easily your company's day-to-day operations subject to those kind of disastrous interruption. And there would be damned little you could do about it, with not only your financial/inventory/customer/vendor data no longer onsite, but not even your word processing or spreadsheet software on your local systems anymore...! One of the big advantages of what we once called "dispersed data processing" was that key data was brought back closer to the people that it was the most important to. If one departmental system were down temporarily, it had minimal effect on the company's operations as a whole. If one secretary's computer on her desk failed, that didn't prevent the word processing or spreadsheet work getting done by the person working in the next cubicle over. The result is a "fail-soft" situation, where company operations can continue in at least some sort of degraded mode until the failed system is repaired or replaced. And the people near where those systems are UNDERSTAND what the data is that they have, what it's supposed to look like, and what they need to do with it. Moving company operations to the "cloud" makes your company's continued operations INCREDIBLY fragile, and suddenly dependent upon (MULTIPLE!) third parties. And what's important to them may be RADICALLY different than what's critical to you. 
(The comment above about Photopic deciding for their own reasons to simply shut down and no longer keep its users' photos online is a good example). Given how relatively inexpensive it is for a company to maintain their own server(s), compared to their overall costs of keeping their doors open... I think it's incredibly short-sighted for them to risk seeing their company dead in the water because their Internet connection goes down.

lloydmitchell

... indeed. When it suited the organizations that controlled their data and cashflow, access to both was cut-off. I'm not suggesting that anything most of us have is so interesting to the security forces, but it's a reminder of who actually 'owns' the data once it's 'out there'.

dogknees

They are happy to have penalty clauses in their contract with me. That is, they will recompense me for any losses due to outages or loss of data.

DanielS

People got rid of outsourcing servers and now we have a new term for the same thing called Cloud.

rajeshr

Remember WikiLeaks. If it needs to leak it will leak.

micromaze australia

I look at it this way. If Google were hacked by someone and they started to download data from the cloud - how much could they download before Google found out and stopped it? Let's say they were able to download a terabyte an hour and they weren't discovered for a week. That's 168 TB. I am assuming that Google has a much, much larger amount of data stored than that, so what are the chances that they have downloaded my data? If they did then it is mixed in with the other 168TB of data, they would then have to organise it in some way that they were able to extract useful data, and is my data going to be more useful than someone else's? They then have to act on the information they have. I reckon my chances of losing valuable data to someone who would actually be able to use it for something are pretty slim. I'm probably more worried about a previous staff member or a current staff member doing something with local data than I am about losing it in the cloud. And as far as security - I still back it up somewhere - it's not just in the cloud.

iain_stuart

Tell this to all those people who lost their photos in the Photopic disaster - what happens if Google goes out of business? Don't laugh some very old and respectable banks did just that and who owns your data in the "cloud" and how do you get it back on-line?

info

As an auditor/fiscal advisor the ONE thing that stands out in our profession is confidentiality of clients' information. For my business, therefore, I would NOT consider any cloud computing. Trustworthiness of cloud computing sits at a 0-level for me.

jkameleon

... do exactly the opposite. In a couple of years, it's going to be the next big thing. So, whatever you do- stay away from the cloud.

Albert Widjaja

Why don't people trust cloud providers from big companies like Google and Amazon?

jsaubert

My really valuable stuff isn't even on my computer, it's backed up on an encrypted portable hard drive that I keep in a safe. It's all medical, tax and financial documents along with family records. I keep a backup of that in a safe-deposit box. It's a lot of hassle but it's worth it. Especially on the family history stuff, some of it is HD pictures of documents 300 years old and lost in archives so I'm really glad I've got what I have. I could never trust any of that to something outside my direct control.

Tony Hopkinson

The question misses a key variable or two, how much and with what, and when.... and so remains unanswerable. Unless of course you have some vested interests in marketing the cloud, no matter what...

mbbccb

I see "the cloud" simply as a way for the likes of Google and Microsoft to sell you services you don't really need. I cannot imagine storing my data on anyone else's system, no matter who it is. I work for a fairly small organization, but we already have in place our own solutions that give us many of the "cloud" services offered by Google or Microsoft. We also rest easy, knowing that our data is protected by a small group of professionals who understand security. I am sure our data is not 100% safe, it never is, but I can say with confidence that the information is being protected using both state of the art technology and industry wide best practices. If my place of business was the victim of even a small breach, the cost would be enormous and could very well ultimately wind up being something from which the business could not recover. How can I, in good conscience ever trust anyone who is not directly accountable for the security of that data to manage and secure the data center which houses it?

Slayer_

Even if the company promises to do no evil, even if they do perfectly lock it down. If this were the case, it would eventually get hacked. It is near impossible to prevent a system from being hacked, short of unplugging it from the wall and storing it in a locked safe and placing it in orbit around Mars.

Tony Hopkinson

If the bad guys had that they'd just get you to log on and then steal your stuff. All they need is a PC, an internet connection, and you, no need to bother Google's guards, who work for Google by the way. You are operating on a presumption of trust, security is the presumption of distrust. You give them your data, you give them control as well, do you trust them with it, security is a smoke screen, because it's not secure from them, that's the real issue.

Tony Hopkinson

start telling you they've designed the virtual processor so you can't hack out of it and access someone else's stuff.... The more people who have access to something the less secure it is. Was one, go cloud it's two, and that's given complete secure connection between you and them. Do they have the tech know how and ability to do it better than your average corporate tech (or even consultant :p )? Quite probably. A question to consider though, why should they, and how would you know they had..... It's not really about security, it's about trust, security from them is in the bin as soon as you put your stuff on their kit...

mvirard

I think the arguments against Cloud Computing developed by gep2 and others are valid (Internet failure vulnerability). However they do not address the possibilities of two classes of data/activities: critical ones and non-critical ones. While critical ones should remain on the premises there is no reason to deprive oneself of the economy of scale afforded by Cloud Computing for many ancillary and secondary tasks. Wise-men (and wise-women) will investigate their data and activities in the light of criticality and choose accordingly. For some applications it may not be obvious and requires a rather sophisticated risk analysis but if the $$$ at stake are high enough, it will be done. One potential effect could be the tearing apart of applications into two bundles: the touchy part and the not-so-critical part in order to cash in on the Cloud Computing benefits with no increase of the company's vulnerability. So Cloud Computing will create work for us...:-)

Neon Samurai

The greater concern is "who has access to your documents and other related information entrusted to Google's servers?"

Neon Samurai

It's not just the risk of an outsider breaking in to Google's servers. Google staff are insider threats to Google's stored data. A Google insider could be syphoning off data for quite a long time before being caught. Then there is the likelihood that it would be a targeted attack for specific data sets rather than simply a mass data dump for later analysis. What if the insider walks away with username/passwords and all related account information? Consider the Sony fiasco. Sony can't simply have users visit a website and reset their passwords because the validation questions when resetting a password include information lost in the data breach; criminals have the same information valid users require to reset accounts. Imagine someone with Google's user information including required password reset details.

JP-470

I recently got email from a dozen companies where I have accounts letting me know that a service company used by all of them was hacked into.... One source of failure for that many of my accounts is pretty frightening!! So why should I trust a public cloud for my computing??

Ron_007

The cloud itself, like any tool, is not untrustworthy, it is people (and governments) who misuse it that are untrustworthy. If you do not live in the USA (and even if you do), take a look at these articles:

Tony Hopkinson

Their best business interest isn't necessarily yours, maybe...

Neon Samurai

The trust relationship is a two party relationship; you and your stored data. Using a storage service adds an unnecessary third party into the relationship. Involving a third party in what is actually a two party relationship can only reduce security. True security and encryption should be in the control of the end user not someone inbetween. Consider cell networks; we don't have phones that encrypt communications on the phone under the control of the device owner. Instead, we have the promise of encryption provided by the carrier who actually has several unencrypted hops within it's networks. Even the encryption provided may be of no use considering how long GSM has been completely broken yet how long carriers claimed otherwise and now, having been forced to recognize it, how long they'll take to eventually fix it if indeed they ever do. When I send an email, I encrypt it myself rather than relying on my ISP to encrypted it or assuming every hop along the network to the destination will actually be done over a secure server to server connection. That is more secure because I control the encryption. I know that when it leaves my computer, it's locked up with a key that only the recipient should have access too. The involved third party providing hosted storage is not greatly invested in protecting your data. Google may be deeply invested in protecting company data but they have more incentive to hand over your data to the first person in a nice suite who comes asking versus presenting a warrant and legal justification. If it's a Sony secret, they'll unleash an army of lawyers against even an individual mucking with there own purchased property. If it's a customer's secret, they'll invoke "we've never been broken into before" and let over 24 million individual's intimate information walk out the door through negligence the most basic sys admin knows how to avoid. That large third party company is made up of thousands of individual employees. 
How many of them have access to your data? How many of them can honestly be trusted when unwatched and sitting infront of the data store? Consider that even the government's driver's license and passport records have become lunch time entertainment for supposedly trustworthy staff looking up celebrity entries for amusement. The controls in place did not prevent casual and arbitrary use and the staff hired where obviously not taking the security of the data seriously enough not to abuse there access. What of a company like Google; statistically, someone is going to abuse there access for one reason or another. Forgoing how trustworthy the individuals in the third party are, how trustworthy is the third party's marketing message? Drop Box just had to change it's marketing from "not even our staff can access your stored data" to "uh.. well, yeah, our staff can indeed access your stored data but we promise not too". So, the entire time Drop Box has been operating up until a week ago, they've been claiming one thing and doing another. Then there is infrastructure issues. If the third party decides to cut off the service, I can't get at my data. If the third party's servers go down, I can't get at my data. Any network outage between the third party and me and I'm not getting at my data. If the third party is storing anything more active than a backup you could be screwed without access to your data. Also, consider "Rambam's Law" (I think that's the unofficial name anyhow); Any information given out will eventually be used for a purpose it was not intended. You may have intended to sign up for a loyalty card (customer points card) though you did not intend for your personal details and purchasing history to be analyzed and sold to unknown third parties. You may have answered a survey because you wanted a discount on a purchase or the free pen they where giving out in exchange. 
You may have dropped your business card in a jar because you wanted to win the draw for some prize. In both cases, the purpose is to collect information which will later be analyzed, not to give you a discount or whatever the draw prize was. You get the prize, the company gets your business card and everyone else's to fatten up their contact database; which will eventually be used for a purpose it was not originally intended. (Governments and marketing firms are both buying up any databases they can get copies of.)

On Facebook and Myspace, you are not the customer; you are the commodity being sold. The real customers are the organizations that buy the data and analysis from these social networking websites. Even here on TR, our clicks and ad viewings are the commodity being sold to advertising companies; the real customers who pay TR to maintain this eyeball magnet.

For me personally, hosted storage comes down to these points. True security means putting control in the hands of the user only, not any third party. When I can achieve all the benefits of a hosted storage provider (redundancy, remote access, security) why would I involve a third party with no additional benefit?

Backups are perhaps the only exception. It's always good to have backups in multiple locations and a hosted storage provider is, by default, an off-site location which should have its own hardware redundancy. I can also encrypt the backups into Truecrypt volume files or similar cypher-text blobs, retaining control of the data's security rather than relying on the hosting provider. A backup shouldn't be an ongoing process so I can deal with a long transfer time when the large backup blob is updated. If I lose connectivity (network issue, service provider decision, etc.) I should still have a backup in yet another location.

crcgraphix

Look it, there are private clouds that are configured with NASA, and they have 854 layers of stack servers running 358-bit SHIVA back-and-forth highly-secure data encryption, and they're not hackable.

ydecelles

I use the cloud for its convenience of access but I treat it as non-secure and volatile.

Tony Hopkinson

Your in house state of order processing system, well that's a candidate for not moving for many reasons. One of the things they cite as a target is mail servers, are they critical or not... Hosting Word, or Excel instead of installing it locally on PCs, maybe, but if you need to keep people in house to maintain your 'critical' systems, the oft touted benefits of the cloud (get rid of your entire IT effort :p ) have gone. You already have a huge investment in all this non-critical stuff, it's not all going to expire at the same time, so paying your cloud provider becomes a cost not a benefit.

Green field site, doable, existing legacy mish-mashes, I'm dubious. Cloud has never worried me in terms of finding work, in some ways I'd welcome it, people who can design and write proper code will be worth their weight in gold.

OH Smeg

M$ Coffee or any of the other Encryption Back Doors made available to the Authorities by their makers? The reality is that there is nothing secure; the best we can hope for is that when we send something the intended receiver reads it and not someone else using their computer/workstation/user account. If we go crazy believing in Encryption being the cure all of Security we have failed before we even begin. ;)

Col

SgtPappy

We will never need more than 640k of memory.

HAL 9000

It took me 8 minutes to break it at a Trial. The correct term is Not Crackable but when I can be shown one that is really Uncrackable I may start to believe that it's part way secure. Of course I have a Completely Uncrackable system here. It's not turned on, doesn't have a Power Supply in it or have a Keyboard, Mouse Connected. As I said, Completely Uncrackable, but it's also useless and can not be used. ;) And then when you have an Uncrackable System in Place let's start talking about Uptime. :0

Col

donaldgagnon1

The cloud storage has made moving and retrieving and working on data and files between systems and computers far, far easier, but, every last bit of it is always backed up on a very 'real' system. There is a vast difference between using a resource and putting blind faith in it.

Slayer_

Maybe they know everything that goes on... After Twitter, they are sure to try and conquer us.

bni1369

In short, an 'un-pickable' lock can be created. The problem arises when you lose the key or forget the combination.

Neon Samurai

I wouldn't say encryption is some magic silver bullet but I would suggest it's a required key component of improving security in a system. Backdoors I consider a sign that the provided system is not secure; insecure by design in fact. A backdoor is literally a demonstration of the security-through-obscurity fallacy. "We have a backdoor for providing customer support but it's all safe and secure because we don't tell nobody about it and no one could ever possibly discover it."

If Microsoft is shipping product with a backdoor; it's a broken product. I honestly don't even like that BitLocker can be unlocked by the domain administrative account. With administrative rights being a primary target of most system breaches, the design already favors convenience at the expense of negating the benefit of BitLocker. Allied Telesync has demonstrated that it ships products insecure by design with this weekend's backdoor leak. Backdoor accounts hardcoded "so we can support customers" because no one has ever been able to discover the existence of a user account and password in the past, right?

The real issue you highlight is the implementation of crappy encryption and authentication systems. Something that is designed to be secure will indeed improve system security. Hence, my previous mention of Truecrypt. A trustworthy bit of encryption developed with peer review and transparency and which has proven itself by withstanding the FBI's cryptologists hammering it for half a year. Ironkey is another encryption based product that has earned trust. A security researcher known and feared by product manufacturers after having found weaknesses in pretty much everything reviewed took a run at Ironkey. Finding no weaknesses in the product, he went on to interview the company. Finding that even the CEO could sit down and discuss security at an engineering level, the researcher started using Ironkeys to store personal and customer information.
(If you really want to be paranoid, use an Ironkey to host a truecrypt volume and use the truecrypt volume to host your keepass AES encrypted password database. :D )

Now, with the email issue; sure, a user may allow another user to read their email. The end user has always been the weakest link in the security chain. If some user essentially hands the certificate keys over to a third party, encryption isn't going to help. They are voluntarily voiding the confidentiality; one of the three purposes of encryption. That does not negate message integrity and sender authentication; the other two intended purposes of encryption. Nor is it going to negate the benefits of client to server and server to server encryption if both of those are in place. I'm still going to trust a system with well implemented security far more than a clear-text system.

bni1369

Whatever a user puts 'up in the Cloud' becomes part of the 'public domain' and, logically, becomes part of the ether out there. I always tell my clients and my friends and family that anything uploaded to the Cloud is no longer their private property and will likely be 'out there' forever. To that, if you want it kept reasonably private, don't toss it out there.

jck

Sony knows... ACK ACK! :^0