Cloudy security

24 02 2016

“Cloud computing” two words guaranteed to generate a multitude of reactions, from confusion to fear and much in between. Most have heard of it, many talk about it and some even understand it, but what has it got to do with Joe or Jane Public and should you care?

In this post I’m going to try to blow away some of the fog about Cloud, but as it’s only a blog entry and not a book I’m not going to have the space to address all of the issues, opportunities and plain BS that the topic encompasses.

This is not written for the expert, although I welcome your feedback and comments, it’s written for the man or woman in the street who is wittingly or unwittingly putting their personal information and precious photos out there in Cloud Land. Why write a blog post on something that has been around for years? Well I’m finding that as people become more adept at using technology the less they understand it. This is for those people.

So first things first, what (or even where) is the Cloud?

As is so often the case there is no simple answer, or even total agreement on what the answer is. One thing you can be sure about is that it’s not a cloud, or even ‘the internet’.

The Cloud can best be thought of as computing infrastructure that is run by other people where you can store your electronic files or do computing stuff.

Cloud breaks down into three main types, public (anyone can use it), private (only you can use it) or hybrid (a bit of both), and the services offered break down into PaaS (Platform as a Service), SaaS (Software as a Service) or IaaS (Infrastructure as a Service). There is also FOaaS but I’ll let you Google that one.

For most of us we could not care less if it’s a P an I or an S, or even if it’s public or private (but trust me it will usually be public), all we care about is that we have somewhere to store our pictures or music or whatever and we can access them from our phone, tablet or desktop from anywhere in the world, and share them with anyone we want to at any time, ideally with the minimum of fuss.

I’m not not going to touch on Office 365 or Dropbox, or how those of you running your own businesses might want to make use of the Cloud (maybe that’s a topic for another blog), just the ‘in your face’ ones that almost everyone is using by default.

iCloud (Apple), OneDrive (Microsoft), Google Drive (Google) to name but a few, all give you free storage ranging from 5Gb to 25Gb with the option to buy more if you want it, and they are all linked to your vendor account (Apple-id, Outlook or Google etc) so are (theoretically) secure. These are all public clouds in that it’s a ‘one size fits all’ model – no tailoring of the service allowed, with access available to anyone who wants it (albeit with access to your bit restricted to you and (hopefully) blocked to everyone else (apart from those people listed below and those you’ve chosen to share it with)).

So far so hunky dory. Loads of storage, easily accessible and free, what’s not to love?

Well, to  be honest, if you don’t care where your stuff is stored (Europe, America, Asia, under the Atlantic (well maybe not yet but watch this space)), and you don’t care how many employees, contractors, third parties or other relations of your chosen supplier can access your stuff in the spirit of ‘system management’, and you don’t know or care who they can share it with, then not much. But therein lies the rub, with most of the free cloud storage, and quite a bit of the not so free, you have no control over any of this. When you sign up for your cloud storage you agree to all manner of things in the Terms and Conditions (Apple’s runs to over 20,000 words), and unless you hit “I Agree” you can’t use the service. No discussion, no negotiation just a simple “accept or go elsewhere”.

When you put your music collection, precious photos or critical documents “into the Cloud”, what are you actually expecting to happen? How long do you think they will be there, are they backed up, can you transfer them somewhere else (such as if you decide to move from Apple to Android)? The bottom line is you don’t know because you never asked. You just blindly went with the flow because it was there and it was free.

Will Apple stop offering i-Cloud or Microsoft OneDrive? Will they change the T&C and start to charge you for the storage? Will they decide that as part of the free deal they can use your stuff for their own purposes (as Instagram tried to do when they suddenly announced they were going to sell YOUR photos for THEIR benefit – and only backed down after they started to lose market share)? The bottom line is you don’t know, and you can’t know because you don’t have any say in the infrastructure. You’ve given everything to someone else to store in their datacentres and you aren’t even paying them for the privilege.

I’m not saying don’t use the Cloud, what I am saying though use it with your eyes open and consider spreading the risk. Think about what you are uploading and how much it matters to you. If it’s your photo collection then upload them to more than one Cloud provider after all they’re free and it would be rude not to take advantage (I have mine in both Google and OneDrive, just in case one of them has a problem, and there’s always the copy on my own devices).

The same for documents that are not sensitive. But if they are sensitive (for whatever reason) just remember that whilst your strong password (see a previous blog) will stop miscreants cracking into your account and reading your stuff, the Cloud provider’s staff will have access for perfectly valid reasons such as keeping the systems running, and unless the data is encrypted (which is unlikely) they will be able to read it. Now, are they going to target your files out of the Petabytes of data they are holding, well it depends on who you are, but the fact is they could, and if that bothers you, maybe the Cloud is not the right place for you and your data.

So in summary. The Cloud is the perfect Martini solution (Google it if you’re under 35) for your electronic information. But in exchange for the ease of use and free storage you are giving control over the security of your stuff to someone else. If you don’t care, then fill your boots as they say. If you do then maybe you need to be more selective.

As Mr Wordsworth said “I wandered lonely as a cloud, That floats on high o’er vales and hills” it’s just that you have no idea where those vales and hills may be.

Happy surfing

David

Advertisements

Actions

Information

One response

24 02 2016
Cloudy security | Mardles from Norfolk

[…] Source: Cloudy security […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s




%d bloggers like this: