|
Question was "would you recommend". Yes, I will - I don't care a about other people data . But my brain should be dead long before I put any my data in the cloud - even non-sensitive one.
Do I think tech is there in the cloud to be a safe place? Yes, I think so. Do I trust any company? Not a single second, especially in USA.
|
|
|
|
|
|
There are different levels of sensitive data , there are different levels of sys admin abilities and there are different reputation of cloud providers ( just as there are different reputations among the hosting providers) . So yes I would put some data sensitive data there under the right circumstances . I would quite happily store encrypted user data there , but I somehow doubt I would store a countries nuclear secrets there .
|
|
|
|
|
Azure[^], Amazon S3[^],... will definitely recommend. They do have enough/flexible security infrastructure.
Wonde Tadesse
modified 5-Nov-15 22:56pm.
|
|
|
|
|
...what's so appealing about "the cloud"? Is it the expense factor and comfort why people and companies outsource their data storage (and IT personnel at the same time)? But that's pretty much viewing it in a tunnel vision. Those who think it is a good idea only see the money involved to store and maintain the data, they completely forget about the value of the data itself, and giving up control of it by putting it on a remote server from which they don't know where it is and who has access to it is insane (sorry, I don't know a better word to describe it).
|
|
|
|
|
I wouldn't personally stick my data in the cloud.
But, the solution to many of the security concerns would be simply to encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Regards,
Rob Philpott.
|
|
|
|
|
Rob Philpott wrote: encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Coincidentally, I just wrote a script to do this.
Kevin
|
|
|
|
|
Giving any amount of control over your sensitive data is , to quote cptn. Lassard:
" A very,yery,yery,yery,very bad idea"
|
|
|
|
|
Haha!! Police Academy! Awesome
|
|
|
|
|
Doesn't matter where you store data; if it is open, un-encrypted plain-text you are an idiot that deserves to be hacked.
Even if it's encrypted you have to make sure that the support staff maintaining the server and database or just work for the cloud company don't have access to keys.
You should obfuscate and encrypt everything that you can. NO PLAIN TEXT!!!
Just my tuppence worth.
|
|
|
|
|
C3PO: "The City's central computer told you? R2-D2, you know better than to trust a strange computer."
Yep, listen to C3PO..
The future may be uncertain, but one thing's for sure: never trust a stranger. Same goes for computers (and the companies/people behind them)...
|
|
|
|
|
It's clearly said "SENSITIVE DATA", how stupid you should be to answer "depends from data"? I don't believe to humanity anymore
And even word "sensitive" can be too cloudy, since "sensitivity" depends from goals of attacker. Say, if I publish photo "Me and my friend John", who prevents crime from calling my dad and say "Hey, I'm John - friend of your son; please come at night and bring money"? If dad asks me about John, sure - I have friend John, but so casual fact become sensitive in this situation!
NEVER EVER publish and NAME people on your f***g photos until they give permission to it! Your life can depend from it, naive hamsters!
|
|
|
|
|
Yeah... I thought that was funny too. Though half of the voters actually vote for that. It reminds me of high school math class, student often not reading the instruction before solving a problem.
For me, I wouldn't even trust the cloud to put my dead mother's info there.
|
|
|
|
|
I read that differently.
I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data".
The challenge is that the data itself may be sensitive, but if it is properly encrypted,
and only I have the keys? Fine.
In fact, our cloud backups work like this. The backup user has ONLY Create/Write, no Delete/Overwrite, and he uses a public key to encrypt the files.
We push them out to a cloud service in which the user that CAN read these files DO NOT have access to the private key. And the person who has the key is NOTIFIED if any of these files are accessed. But that person does not have access to read the files!
I am glad to store our sensitive data in this way.
Can it get hacked? Sure.
Is it sensitive. Yes... But it is STRONGLY ENCRYPTED.
Now, would I store a .BAK file of my database on the cloud, with no protection/encryption? Nope!
|
|
|
|
|
Kirk 10389821 wrote: I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data". Ditto!
You have just been Sharapova'd.
|
|
|
|
|
You are contradicting yourself. You say people are stupid by saying "depends on data" as it already says "sensitive data", but then you right a whole paragraph about how "sensitive data" can mean different things...
I'd say the most stupid of people are those that don't even understand what they themselves are saying...
|
|
|
|
|
|
PIEBALDconsult wrote: All data is sensitive. I have seen people storing (not theirs) pet photos/videos on the cloud.
You have just been Sharapova'd.
|
|
|
|
|
Nope, it isn't. I mean, take PI (π) for example - is that sensitive? I wouldn't think so. And now take your phone number...
How do you know sweet if you don't know about sour?
|
|
|
|
|
Don't they store your sensitive data in the cloud?
Am I missing something with this survey?
Should the question be are you encrypting sensitive data in the cloud?
|
|
|
|
|
Basically ... non-tech people tend to think very highly of cloud based storage. And I hear at least once a week the question about if it's secure (both as in privacy as well as in redundancy).
In both those cases it's an "It depends on TRUST" answer: "Can you TRUST the 3rd party company you give your data to? Can you TRUST their employees? Can you TRUST their redundancy and access control measures? Can you TRUST that they'll be available when needed? ..."
I've heard this one before, statement from a CEO: "We have very sensitive information in the order of several TB which we have to move to another geographic location. It is so sensitive that we will not trust a courier company. Which cloud service would you recommend?"
Exactly what does that CEO think a cloud service is? Some alien "god" company which doesn't have all the same issues as a human-run courier service has?
|
|
|
|
|
Great read! ...
Agree completely ...
A lot of companies want to go cloud based because “it’s the ‘in’ thing”, without truly understanding what risks their taking...
|
|
|
|
|
|
"Depends on the data you are storing" !?
can there several options for "sensitive data"? it seems someone wanted option #5 (NO WAY!) to be unattractive... i feel all score of option #3 should be added to #5.
|
|
|
|
|
Couldn't agree more. I had this WTE moment when I read the 3rd option.
If the survey was worded as "Would you recommend your clients store any of they data on cloud" ... then option #3 makes sense. Else it's contradicting the wording of the survey.
|
|
|
|