Aug 16, 2013

To "Cloud" or Not To "Cloud"? From A Security Standpoint, That is The Question. The Answer? You Probably Should Avoid The Cloud.

At my day job, like in many organizations, we are constantly looking at whether or not we should move to the cloud. I mean, standing up cloud virtual machines rather than running virtual machines at a data center can be significantly cheaper in most cases.

If you move to the cloud, is your data secure, though? That is the ultimate question, isn't it? I mean, all cloud providers say they are secure, right? Look at Amazon: they tout that they are SSAE-16 compliant, as well as PCI-DSS compliant. They must be secure, right? Not necessarily.

From Computerworld:
While online data storage services claim your data is encrypted, there are no guarantees. With recent revelations that the federal government taps into the files of Internet search engines, email and cloud service providers, any myth about data "privacy" on the Internet has been busted.

Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.

"You have no way of knowing. You can't trust anybody. Everybody is lying to you," said security expert Bruce Schneier. "How do you know which platform to trust? They could even be lying because the U.S. government has forced them to."

While providers of email, chat, social network and cloud services often claim -- even in their service agreements -- that the data they store is encrypted and private, most often they -- not you -- are the ones who hold the keys. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.

Even when service providers say only customers can generate and maintain their own encryption keys, Schneier said there's no way to be sure others won't be able to gain access.

For example, Apple's SMS/MMS-like communications platform, iMessage, claims both voice and text are encrypted and can't be heard or seen by third parties. But because the product isn't open source, "there's no way for us to know how it works," said Dan Auerbach, a staff technologist with the Electronic Frontier Foundation (EFF). "It seems because of the way it works on functionality, they do have a way to access it. The same goes for iCloud."

Freedom of Information Act requests by the American Civil Liberties Union (ACLU) revealed earlier this year that the U.S. government claims the right to read personal online data without warrants.

"It is the case everywhere in the world that governments seem to believe that if data is recorded and available, they should be able to access it," said Jay Heiser, an analyst at research firm Gartner. "It's not unique to the U.S., although the United States brags about it to a unique degree."

So it would seem that if you want to make sure your data is truly secure, the rule of thumb in the surveillance state we live in is that you can't trust anybody. Your data could easily be turned over to the feds without a warrant, and without your knowledge.

If you truly want to protect your data, especially from Uncle Sam, then you have to host it yourself.

Do you agree? Disagree? Why or why not? Let us know in the comments.
