In my last article I talked about the basics of Cloud Computing and the definition, for those of you catching up it can be read here.
Today I would like to talk about security and privacy of data.
When I talk to people about Cloud Computing security is often a major concern, ‘its my data I would not trust it to anyone else’ is something I often hear. There are two components to security, physical location and privacy. Lets deal with physical location, I have only come across one client who comes close to a level of security that Cloud suppliers consider when they build their infrastructure, and thats because they are in the business. Take a look at the video of Googles’ Security measures at one of its data centres.
So physical barriers, barbed wire, 24/7 security staff, video monitoring, intrusion detection, retina and biometric access scanners, fire protection and extinguishing systems. We all have this protecting our data don’t we? Clearly not, as a potential customer of Cloud Computing, do your due diligence well, but you are going to have to face the fact companies such as Google, Amazon and Microsoft can physically protect your data better than you can.
Privacy of the data that is stored again is better handled by other professionals, whilst I might focus on Google here you can be rest assured the other big players will be implementing the same standards or striving to. On disk at the data centre your data is encrypted, your files have random names and not identifiable as yours. This makes it virtually impossible for someone in the data centre to access and read any data and even if they did they could not attribute it to a specific account. As you will have seen in the video, end of life hardware is securely destroyed to stop the chance of any data ending up somewhere it shouldn’t be even though it is encrypted. Google is committed to security at all levels, this can be seen through their ISO 27001 certification and security Audits. Again I challenge the reader to be implementing such stringent rules to the privacy of the data stored on their own servers.
So the data is physically secure and the data is private but can I access the data securely, you guessed it here is the rub, if you already use Google Mail or Hotmail you will see that the websites are delivered securely (it says https at the start of the URL). So from the moment you click save or send and data is transmitted to and from the Google or Microsoft servers it is 128 bit encrypted (pretty much unbreakable), so no one can snoop on it successfully between your PC and the Server. Once it is on your PC/Device it becomes readable. Security’s weak spot has always been and will continue to be end point, can the end point be secured? There are ways and means. You can security vet your staff, install anti snooping screens, install, maintain and update all manner of Antivirus, Spy and Ad ware software, and you could even implement encryption of the data stored on your PC, some of this becomes a lot easier once you adopt the cloud, for instance as admin to my Google Apps account, I can bar people at a moments notice from all the systems they use, I can even remote lock or even wipe their mobile device. If you are not doing most or all of these locally then I propose that the privacy of your data on the Cloud Suppliers computers is not really an issue.
I have done my due diligence, most risk is perceived risk rather than actual and I take the steps required to protect myself and my clients locally, and I am more than happy to leave my remote security and privacy issues in the hands of experts.