If we are to keep the crooks and fraudsters at bay, we'll have to think differently about the way we store our data. The cloud provides a wonderful opportunity to do just that.
Written in a coffee shop at Earls Court, London, and despatched to TechRepublic at 40Mbps a day later from my home.
This morning I was presenting at a cloud forum and exhibition in London. All the big suppliers are here along with the largest number of new entries I have ever seen. Interest is obviously high and it looks as though deals are being lined up. In fact, I'd say we have probably reached the tipping point for service suppliers.
Over the past five years I have watched CIOs do a full 180 on the cloud from, "Not a chance" to "When can you deliver?". Now they're asking how soon can they implement a BYOD strategy for the workforce and migrate to full cloud working. It looks to me as if that time has come.
One thing that really struck me was the varied approach to security presented by the suppliers. It spanned good to bad, strong to weak, and comprehensive to simple-minded. I can safely say the full spectrum was represented, with different operating systems, architectures, protocols and interfaces.
Another thing that interested me was the number offering free or low-cost accounts for a limited access and data storage capacity. So I have a mind to open 20 to 30 accounts, and then parse my data into 20 to 30 folders and disperse them across these providers.
For the really secure stuff I can parse, encrypt, parse again, and then spread at random across multiple clouds. Each folder would be of a different length and format, and none would contain the full data or even a cogent string.
How secure can you get? Beyond Apple, Google, and NTRglobal et al there are now professional institutions and clubs providing cloud services, followed by the big corporate players like IBM, HP, NetApp and the rest. Each has its own security strategy and geographically distributed locations.
A few lines of code should fix it for users like you and me:
- Select random location
I'm not going into the detail here on what parsing strategy you should use but it could span the simple and linear to the random, non-linear and complex. And, of course, in the extreme the encryption of each portion could use a very different seed. The further I get into this, the better I think the security future will be.
No doubt governments and others will have been using this approach, or something like it, for some time. But this is the first time that it will be available to you and me, plus all the small to medium and big businesses out there.
Somehow I don't think the dark side will be so enthusiastic about it.