How secure is your data in the cloud?
Amethyst's Iain Ransome discusses the pros and cons of the cloud
What is ‘the cloud’?
Traditional computing involves individually controlled and owned computers and networks; think of your work PC running an office application and connecting to your employer’s file servers and email system held in the company’s local server room.
Cloud computing removes the need to own and operate all these individual systems locally, by providing them as a service, often shared by multiple users and organisations. The definition covers many systems but examples include:
Storage clouds, such as dropbox, iCloud and skydrive
Software-as-a-Service, such as Office 365 or Google Docs
Photo and media, such as Picasa and Flickr.
What are the security risks?
The major difference between traditional and cloud computing from a security perspective is the loss of control of your data. Whether it’s who could have access to it; what control you have over it; or what happens when something goes wrong.
Who could have access?
Ideally you are the only person who has access to your data, but there could be numerous reasons that someone else has access to it:
The ownersand administrators of the platform could have access to all data on the system (unless it is encrypted)
Complex privacy settings mean you may be sharing more than you think
You are relying on the system being securely coded – what happens if your data leaked into someone else’s account, or the password reset function is vulnerable?
What control do you have?
Once your data is uploaded to a cloud platform, you may lose control over what happens to it and where it is stored, for example:
If you delete something it may not be removed, it could simply be hidden from view and remain on the system; similarly if you delete your account, how can you be sure it is really gone?
You typically have no way to decide or determine where your data is stored. Just because you are based in the UK, doesn’t mean the provider will store you files in a UK datacentre. Your content could become subject to the laws of another country, and may be accessible to foreign companies and governments.
What if something goes wrong?
There are numerous issues which can occur in business, and by using a cloud provider you are subjecting yourself or your business to the risks of that provider.
What happens if the cloud provider ceases business and gives you a few days to reclaim your data, which could be many gigabytes? (Google “Nirvanix” for an example of this)
What happens if their datacentre burns down or floods – will you be able to recover your data?
Even something as simple as a local internet fault will mean you lose access to your cloud data until the situation is resolved.
Should I store my data in the cloud?
Cloud computing has become part of modern computing, and the benefits for individuals and businesses can be huge. However there are also risks associated with the loss of control over your data and systems.
The fundamental advice is to understand the basic risks associated with cloud computing; understand what rights to your data you are giving up; and then assess those risks against the value of your data.
In deciding what data you should put on the cloud, you will most likely want to consider:
Availability: What would happen if you lost access to your data for a day; a week; a month; permanently?
Integrity: How much do you need to trust the accuracy of your data in the event of a breach?
Confidentiality: How sensitive is the data? What would the cost be if someone unauthorised gained access to it? (Consider monetary, reputation and legal).