Experiences and practicalities of SaaS and Cloud Computing from an ardent supporter and user.
Cloud Security - perception vs reality
One of the first questions that invariably get raised when I speak about the Cloud is..."is it secure?"
I attempt to counter this by discussing the potential insecurity of most office networks and explaining that in most cases the Cloud is considerably more secure as the various applications are being hosted in dedicated data securities where security procedures are designed from the ground up.
That is not to say that breaches do not occur - of course they do. In this digital age where technogeeks do their utmost to hack into anything just to prove it can be done, there are going to be instances where security protocols in the best run data centres are tested, sometimes successfully. After all even the Pentagon and the CIA are not invulnerable from the most determined hackers.
The other day, I was arranging with a client to transfer some documents that were needed for their accounts and as there were quite a few I suggested that she got them to me via Dropbox, the online storage facility that I use for all my files. She responded that her IT Director was not happy about this as, apparently, there had recently been some sort of security breach at Dropbox and he was concerned about the vulnerability of the data.
We resolved the issue by zipping up and password protecting the documents before they were uploaded but I do wonder if all this actually misses the point. Firstly, the fact that any attempt at a security breach had been discovered in the first place is surely what it is all about... how many office networks are geared up to do this. The quote from the Dropbox blog on the incident is worth noting:
..."Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse. According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts. Our team has been working tirelessly to review what happened and to make sure that it never happens again. At this point, we have contacted all these users and provided them more detail."
They updated a little later :
..."Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions."
Now they are the first to admit that the error, whatever it was, should never have happened, but lets face it - in the best run organisations things do go wrong. The point is, it was quickly spotted and remedied and users can be secure (pardon the pun) that the systems are in place to spot and rectify these issues. To an infinitely greater degree than most on-premise setups. After all it is their business to ensure that the security is as fool proof as possible.
Dropbox have also published on their website some information about their security protocols :
..." We encrypt the files that you store on Dropbox using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded, and we manage the encryption keys.
Dropbox uses Amazon S3 for data storage. Amazon stores data over several large-scale data centers. According to Amazon, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centers physically secure."
I don't claim to be a security expert, however I do know that reading that, makes me feel confident that my data in the Cloud is as secure as it needs to be and a darn site more so than most UK businesses.