We have all heard about data security breaches, and not just from the NSA, but from the computer whiz down the street, or the mischievous criminal with ample technological know-how. Recently in Europe there have been significant efforts to improve data protection and privacy of individuals while utilizing technology. I, personally, will always contend that true technological security is quite hard to come by, and that the majority of us truly leave ourselves easy prey to having our data or tech security breached. One such breach can be caused by deciding to step upon the ‘cloud’ without a backup parachute; Uplifting if done right, hazardous to your data security if done wrong.
A trip to the local electronic store left me shaking my head, after having watched sales representatives sell cloud storage systems that they really do not understand. Every time the customer would ask – “Is my information safe?” And with my inner tech nerd groaning, the sales representative assures them that the model they were looking at, whichever it was, is the most secure around. In an age where not having internet merely means walking around your apartment building until you find an unprotected wireless network, the assurance that cloud storage is automatically secure is misleading. With local efforts around Europe under way to secure ourselves, it behoves me to discuss cloud computing, so that readers do not imagine themselves to be stepping onto cloud nine, when they can potentially be plummeting into the jaws of a gator.
Many say that the forecast in computing will be cloudy, and if maintained properly, there are a plethora of benefits to stepping ‘on’. But clouds are hard to pin down, and as shown through governmental, as well as large corporate breaches, nothing is infallible. The safest form of data management shall always be by ‘sneaker net’, but in the cosmopolitan world people want constant access and thus the cloud is all the rave.
While large corporate enterprise clouds are generally considered more reliably secure, remember that cloud computing is a service offered by a third-party. So if you, in any function, have information which you are legally guaranteeing the security of, then stepping on the cloud could be a violation of the trust placed in you, since as continually shown, the more parties with a set of information the more opportunities there are for that information to be taken for uses other than intended. While this should be a particular concern of SMEs who may not have the technology infrastructure to maintain data in-house, it also should be concerning for the individual using the cloud for personal reasons.
Similar to the mantra maintained for all forms of internet use – If you do not want your information, be it pictures, medical data, etc on the front page of the local newspaper, you need to seriously consider whether or not you want your files held by a third-party. Check for the level of data encryption and the network access methods. If it is so very easy to put up, it is also likely to be easy for someone else to take it down. Always remember that the best security for your files will be to store them on an external drive and keep them on your person or in a trusted location. That is the only true way to ensure that one day you will not open the newspaper to find a personal picture, used after a security breach in the cloud.
Cloud computing is a tool to enable greater mobility and quick access, but it should not be viewed as the ultimate organizational data management solution. Many SMEs make the mistake of jumping on the cloud at the prospect of cutting IT costs, and occasionally a system is hacked, files are lost, or data is mined. You must remember that using a ‘Cloud’ implies, through its global accessibility, that it may not comply by the rules for data protection that are law in your home country. When non-EU companies offer cloud computing regardless of location or citizenship, the policies the EU has in place do not necessarily protect you (though there are some current lawsuits which may impact this). In this way, despite increased EU efforts to harmonize inner EU policies and protect from those not under EU jurisdiction, it is ultimately the responsibility of the consumer to secure their own data.
Of course, enterprises offering cloud computing services are greatly aware that the biggest hesitation of taking the leap of faith is the need to feel secure. For this reason, many of the third-party service providers have detailed methods of security layers or encryption, which for the consumer, is a good thing, but not a perfect solution. If the desire to use cloud technology has taken you to new heights, self-encryption of data before using this tool can provide extra peace of mind.
Metaphorically, clouds should be resistant to all actions to capture, but in reality – not to burst the bubble of cloud technology fans – at this point in time, make sure you not only have a flight plan but also a parachute. Unfortunately, there will always be a possibility that the cloud will dissipate, and ultimately no matter what policies are put in place, you are the one who needs to protect yourself.