What is the topic of this post is the answer to the question that I often get from a friend, and this is the dilemma, “May I keep my data in the Cloud environment and how safe is it, or what is the risk of such an action?” I will try to briefly explain a few things about the functioning of the Cloud itself and the security risks that appear in this environment. So let’s get started.
The first thing that’s definitely true is that cloud computing has changed the way it’s working today. The advantage of this approach is huge because your data is available wherever you are and you can access it from all types of devices regardless of which operating system you have (mobile phones, tablets, laptops …). This is a very positive thing about the advantages of using this technology because one of the effects is certainly the possibility of great savings on IT costs for the company because someone else takes care of your data, and users can use resources from cheaper devices (not everyone needs to have strong computers with powerful processors and a lot of RAM). However, one needs to know that there are three basic service models in each cloud environment, and each of these models has a different impact on cloud security and no security measure is universally applicable to all three models.
These are the following models:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Since the theme of this post is not to present detailed Cloud services, I will not deal with each of them individually, but I want to emphasize that each of them have their own security risks that are not universal.
Do you and how much do you control your data if you outsource them?
Cloud providers generally have well-equipped data centers, adequate logistics, and highly qualified IT staff, which small and medium-sized institutions in some countries can hardly afford at that level. Here, one should keep in mind that still, the biggest responsibility is on the user because it does not mean much if the Cloud provider takes care of all other things and the user does not protect their access to the Cloud.
What information should I keep on the Cloud?
A big controversy is always raised around this question. Some data types are too sensitive to accommodate in a public or hybrid Cloud. First of all, this includes confidential business data, such as customer data for example. However, there are different variants of the Cloud and the question is which is the right model for your business. In a public Cloud, the situation is that more users share the same storage space and security is at a much lower level. In contrast, the private or hybrid Cloud has very different characteristics, and also the price of usage. So, everything should be taken into account when choosing.
Why should you have confidence in your cloud provider?
Today, most cloud providers are certified for the work they do and are trying to gain and retain a good reputation for old and new customers. This means they are ready to meet certain standards that suit you and which you probably cannot easily fulfill and reach as a company. Choosing a Cloud provider is a matter of trust and it must be built over time.
Do I use Cloud in a business or not?
The answer from my side is simple – YES! But you still need to make your own decision, because of the security of your data, however, you must decide for yourself! If you decide to use this service, you need to check the compliance of Cloud Providers with the regulations, the possession of appropriate certificates, the possibility of external auditing, as well as the credibility of the providers and its administrators. Since they are aware of the risk, providers offering Cloud Computing services very seriously grasp the dangers that exist in the Cloud. Even in the event of an unintended incursion into the system, this does not mean that data from hackers is given “on a plate”. They are encrypted and it is almost impossible to decrypt them in a reasonable time. What creates further confusion here is the large amount of news that spreads rapidly through the internet as the compromise of a large number of data is happening. This is mostly not true, but only the hash value of the passwords and it’s a big question of whether and in what way can it really break up. However, my personal opinion is that, working in a cloud environment brings a number of advantages over working with isolated computers. Of course, we need to be cautious and take care of everything, but there should be no paranoia and the rejection of such technology will definitely grow in the future.
Future or present?
Imagine the next scenario. You live in London, and use public garage services to have a monthly lease of a parking space for your car. It’s all a complex Cloud system that allows you to access your parking place with your card and PIN code and enter the garage. At some point after unpaid bills or due to some lawsuit on the account of parking, someone extinguishes your account for access to the system and, therefore, garages in downtown London. Do you think this is a science fiction movie from the period after 2025? The answer is NO, this is news that is from today, and as you can see, that has become our reality. Whether and to what extent we use these technologies depend largely on ourselves.