|
I don't agree with companies hosting all of their data / terminal servers etc in the cloud...
I think that they usually do this because of either:
The companies lack of knowledge
Because it's easier
Because it's the 'in' thing to do
Because their IT provider recommends it...
On the last point there...
The IT guy will most often do this when:
They want you to be locked into them
They lack knowledge
They want to palm off managing hardware
They don’t care about who has access to their clients info
I think that any company that wants to go cloud based should consider hosting it inhouse.
It is actually quite affordable.
I do this with my code for example, it is all "cloud based", but it is hosted at my house, which syncs to a computer about 80KM away(at my parents house)... and my laptop syncs to it even when I'm not at home, working on my laptop (all connections are encrypted of course).
If you have to go "public" cloud based asking yourself
"Do you trust the company"
"Do you trust EVERY employee in that company who could have access to your data"
What happens if something happens to them (the company, disaster, business closure etc)?
"Do you trust their backups"
On the last point, I have a friend (who I completly dissagree about with regard to views on this topic). He is an IT hardware provider, and reccomends the cloud.
His cloud service (which is very popular) claims that it provides daily backups. One of his clients asked for email correspondence (that they had deleted a few weeks earlier) for a legal case. The backup was requested.
The cloud company responded with ~"We can only provide a backup as of 12:00AM this morning".
... don't get me wrong, I use the public cloud for various things, such as storing personal photos, and certainly think that it has its place; but I think that it should be used sparingly within ANY organization.
Kris
|
|
|
|
|
If you consider that fact that the question this week asked if we should store sensitive data on the cloud, this be default logic places all the votes in the "Depends" choice as automatically lumped together with the "No Way" crowd to that means were smarter than a marketer here. Good to see.
No Way Jose.
|
|
|
|
|
Question was "would you recommend". Yes, I will - I don't care a about other people data . But my brain should be dead long before I put any my data in the cloud - even non-sensitive one.
Do I think tech is there in the cloud to be a safe place? Yes, I think so. Do I trust any company? Not a single second, especially in USA.
|
|
|
|
|
|
There are different levels of sensitive data , there are different levels of sys admin abilities and there are different reputation of cloud providers ( just as there are different reputations among the hosting providers) . So yes I would put some data sensitive data there under the right circumstances . I would quite happily store encrypted user data there , but I somehow doubt I would store a countries nuclear secrets there .
|
|
|
|
|
Azure[^], Amazon S3[^],... will definitely recommend. They do have enough/flexible security infrastructure.
Wonde Tadesse
modified 5-Nov-15 22:56pm.
|
|
|
|
|
...what's so appealing about "the cloud"? Is it the expense factor and comfort why people and companies outsource their data storage (and IT personnel at the same time)? But that's pretty much viewing it in a tunnel vision. Those who think it is a good idea only see the money involved to store and maintain the data, they completely forget about the value of the data itself, and giving up control of it by putting it on a remote server from which they don't know where it is and who has access to it is insane (sorry, I don't know a better word to describe it).
|
|
|
|
|
I wouldn't personally stick my data in the cloud.
But, the solution to many of the security concerns would be simply to encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Regards,
Rob Philpott.
|
|
|
|
|
Rob Philpott wrote: encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Coincidentally, I just wrote a script to do this.
Kevin
|
|
|
|
|
Giving any amount of control over your sensitive data is , to quote cptn. Lassard:
" A very,yery,yery,yery,very bad idea"
|
|
|
|
|
Haha!! Police Academy! Awesome
|
|
|
|
|
Doesn't matter where you store data; if it is open, un-encrypted plain-text you are an idiot that deserves to be hacked.
Even if it's encrypted you have to make sure that the support staff maintaining the server and database or just work for the cloud company don't have access to keys.
You should obfuscate and encrypt everything that you can. NO PLAIN TEXT!!!
Just my tuppence worth.
|
|
|
|
|
C3PO: "The City's central computer told you? R2-D2, you know better than to trust a strange computer."
Yep, listen to C3PO..
The future may be uncertain, but one thing's for sure: never trust a stranger. Same goes for computers (and the companies/people behind them)...
|
|
|
|
|
It's clearly said "SENSITIVE DATA", how stupid you should be to answer "depends from data"? I don't believe to humanity anymore
And even word "sensitive" can be too cloudy, since "sensitivity" depends from goals of attacker. Say, if I publish photo "Me and my friend John", who prevents crime from calling my dad and say "Hey, I'm John - friend of your son; please come at night and bring money"? If dad asks me about John, sure - I have friend John, but so casual fact become sensitive in this situation!
NEVER EVER publish and NAME people on your f***g photos until they give permission to it! Your life can depend from it, naive hamsters!
|
|
|
|
|
Yeah... I thought that was funny too. Though half of the voters actually vote for that. It reminds me of high school math class, student often not reading the instruction before solving a problem.
For me, I wouldn't even trust the cloud to put my dead mother's info there.
|
|
|
|
|
I read that differently.
I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data".
The challenge is that the data itself may be sensitive, but if it is properly encrypted,
and only I have the keys? Fine.
In fact, our cloud backups work like this. The backup user has ONLY Create/Write, no Delete/Overwrite, and he uses a public key to encrypt the files.
We push them out to a cloud service in which the user that CAN read these files DO NOT have access to the private key. And the person who has the key is NOTIFIED if any of these files are accessed. But that person does not have access to read the files!
I am glad to store our sensitive data in this way.
Can it get hacked? Sure.
Is it sensitive. Yes... But it is STRONGLY ENCRYPTED.
Now, would I store a .BAK file of my database on the cloud, with no protection/encryption? Nope!
|
|
|
|
|
Kirk 10389821 wrote: I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data". Ditto!
You have just been Sharapova'd.
|
|
|
|
|
You are contradicting yourself. You say people are stupid by saying "depends on data" as it already says "sensitive data", but then you right a whole paragraph about how "sensitive data" can mean different things...
I'd say the most stupid of people are those that don't even understand what they themselves are saying...
|
|
|
|
|
|
PIEBALDconsult wrote: All data is sensitive. I have seen people storing (not theirs) pet photos/videos on the cloud.
You have just been Sharapova'd.
|
|
|
|
|
Nope, it isn't. I mean, take PI (π) for example - is that sensitive? I wouldn't think so. And now take your phone number...
How do you know sweet if you don't know about sour?
|
|
|
|
|
Don't they store your sensitive data in the cloud?
Am I missing something with this survey?
Should the question be are you encrypting sensitive data in the cloud?
|
|
|
|
|
Basically ... non-tech people tend to think very highly of cloud based storage. And I hear at least once a week the question about if it's secure (both as in privacy as well as in redundancy).
In both those cases it's an "It depends on TRUST" answer: "Can you TRUST the 3rd party company you give your data to? Can you TRUST their employees? Can you TRUST their redundancy and access control measures? Can you TRUST that they'll be available when needed? ..."
I've heard this one before, statement from a CEO: "We have very sensitive information in the order of several TB which we have to move to another geographic location. It is so sensitive that we will not trust a courier company. Which cloud service would you recommend?"
Exactly what does that CEO think a cloud service is? Some alien "god" company which doesn't have all the same issues as a human-run courier service has?
|
|
|
|
|
Great read! ...
Agree completely ...
A lot of companies want to go cloud based because “it’s the ‘in’ thing”, without truly understanding what risks their taking...
|
|
|
|
|