Q's about the "cloud" thing

GilpinGuy
06-20-2012, 00:45
Call me a Neanderthal, but I'm totally new to the whole "cloud" thing. My understanding is that your data is stored "somewhere" and accessible anytime you have an internet connection. Sounds pretty cool, but do any of you techie guys have any security reservations about it? IOW, do you TRUST it with anything sensitive at all or only for frivolous stuff like books, music, pics, etc.?

I ask because I'm exploring the capabilities of the Kindle Fire I recently got (love it so far) and 5G of free cloud storage is included.

Fromk
06-20-2012, 02:14
The "cloud" is actually a pretty trustworthy and secure thing. It's especially good for music and pictures. For the irreplaceable stuff like pics it's always good to have local and remote backups. Depending on the service regarding music there are methods that actually store the license you have and not the music itself. That's pretty nifty. It's not hard to fill 5 gigs with music, after all. Go ahead and embrace it. I would not, however, trust it with my ONLY copy of anything.

A great source is "The Tech Guy" podcasts with Leo Laporte. Google or iTunes search will bring it up right away. Either get into the back catalogue a few weeks or just listen for a couple in the future. I guarantee the cloud will be covered and explained in a very understandable way. That guy's awesome.

asmo
06-20-2012, 08:57
Well, since this is what I do for my day job I guess I should answer. However, the answer is: 'it's complicated'.

First and foremost - if you're just storing a couple of photos and some MP3s out there then you are probably just fine. There is some basic security in the anonymity of being one of a billion people with your boring junk out there. Even if you were 'hacked' what would you lose? Weigh the risk of all your data stored out there either suddenly being gone - and/or all your data out there suddenly becoming very very public.

All that said, if you are a business moving your applications and customer data out to 'the cloud' then you have a TON more risk - and this is where the increase in system complexity becomes the #1 issue. By moving your applications to the cloud you offload the complexity of the system to a 3rd party. Those 'cloud' systems are incredibly complex to set up and maintain - and your applications become just 1 of a million that the cloud owners are trying to manage. As a result your system is no longer 'special' - you are just lumped in with the general optimizations. This is a hacker's Disneyland since if you pop one system you, in many cases, pop them all.

Further, that 3rd party, in almost all cases, says that 'security' is not their issue. For example the following is a summary of the most salient findings from a recent study of cloud computing providers:

The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.

The majority of cloud providers believe it is their customer’s responsibility to secure the cloud and not their responsibility. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers.

Buyer beware – on average providers of cloud computing technologies allocate 10 percent or less of their operational resources to security and most do not have confidence that customers’ security requirements are being met.

Cloud providers in our study say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications. In contrast, improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services.

Again this is for businesses putting their applications and customer data into the cloud. If it's just you and your MP3s and a couple of pictures - who cares.

Me personally, I would never store anything sensitive in the cloud unless it was encrypted by me first. This is my advice to billion dollar customers and the agencies I consult for: pretend the data stored and operating in the cloud is completely public and base your security processes on that concept.

Byte Stryke
06-20-2012, 09:11

This^ +1

Essentially, do NOT put anything on the cloud you do not want every Russian hacker, identity thief, local thug and every law enforcement official to read.

For the sake of safety, consider: "for every security measure, there is a 'bypass' for it."
There might not be one today... but there might be one tomorrow.

Ridge
06-20-2012, 09:12
The Cloud means your data is on a server somewhere along with millions of other people's stuff.

Delfuego
06-20-2012, 09:15
"Well since this is what I do for my day job I guess I should answer. However, the answer is: 'its complicated'."

Great answer!

I don't always trust them for "sensitive" information. But for mundane routine backups it's great. We always have a local and a cloud backup. It is very dependent on the provider too. Do you trust some new upstart with the only copies of your children's photos? Or your tax return? If you were an enterprise customer you could use a company like StorageTek (Oracle), do I trust them... yes.

Check out Jungledisk, works good for backup; not necessarily "high availability cloud storage" though.

DropBox is pretty cool, and pretty free for cloud storage with easy access from any PC or your phone. (shoot me a PM and I'll send you an invite, they then give me extra storage. You can then invite others and you gain more storage.)

Cheers,

Delfuego

ChadAmberg
06-20-2012, 09:45
I keep lots of stuff sync'd out to the cloud with Google Drive and Live Mesh/Skydrive. It's very convenient for access from home, work, etc.

But, important stuff I keep in a TrueCrypt volume (http://truecrypt.org) to keep it secret even if there's a leak.

Been doing it for years, and I do network security for a living.

GilpinGuy
06-20-2012, 11:24
Excellent answers guys. Thanks!