|
I wouldn't personally stick my data in the cloud.
But, the solution to many of the security concerns would be simply to encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Regards,
Rob Philpott.
|
|
|
|
|
Rob Philpott wrote: encrypt the data prior to putting in the cloud, such that your cloud provider receives, stores and returns scrambled numbers. They don't know what they're storing, but can back it up, distribute it etc.
Surely a simple client application could do this?
Coincidentally, I just wrote a script to do this.
Kevin
|
|
|
|
|
Giving any amount of control over your sensitive data is , to quote cptn. Lassard:
" A very,yery,yery,yery,very bad idea"
|
|
|
|
|
Haha!! Police Academy! Awesome
|
|
|
|
|
Doesn't matter where you store data; if it is open, un-encrypted plain-text you are an idiot that deserves to be hacked.
Even if it's encrypted you have to make sure that the support staff maintaining the server and database or just work for the cloud company don't have access to keys.
You should obfuscate and encrypt everything that you can. NO PLAIN TEXT!!!
Just my tuppence worth.
|
|
|
|
|
C3PO: "The City's central computer told you? R2-D2, you know better than to trust a strange computer."
Yep, listen to C3PO..
The future may be uncertain, but one thing's for sure: never trust a stranger. Same goes for computers (and the companies/people behind them)...
|
|
|
|
|
It's clearly said "SENSITIVE DATA", how stupid you should be to answer "depends from data"? I don't believe to humanity anymore
And even word "sensitive" can be too cloudy, since "sensitivity" depends from goals of attacker. Say, if I publish photo "Me and my friend John", who prevents crime from calling my dad and say "Hey, I'm John - friend of your son; please come at night and bring money"? If dad asks me about John, sure - I have friend John, but so casual fact become sensitive in this situation!
NEVER EVER publish and NAME people on your f***g photos until they give permission to it! Your life can depend from it, naive hamsters!
|
|
|
|
|
Yeah... I thought that was funny too. Though half of the voters actually vote for that. It reminds me of high school math class, student often not reading the instruction before solving a problem.
For me, I wouldn't even trust the cloud to put my dead mother's info there.
|
|
|
|
|
I read that differently.
I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data".
The challenge is that the data itself may be sensitive, but if it is properly encrypted,
and only I have the keys? Fine.
In fact, our cloud backups work like this. The backup user has ONLY Create/Write, no Delete/Overwrite, and he uses a public key to encrypt the files.
We push them out to a cloud service in which the user that CAN read these files DO NOT have access to the private key. And the person who has the key is NOTIFIED if any of these files are accessed. But that person does not have access to read the files!
I am glad to store our sensitive data in this way.
Can it get hacked? Sure.
Is it sensitive. Yes... But it is STRONGLY ENCRYPTED.
Now, would I store a .BAK file of my database on the cloud, with no protection/encryption? Nope!
|
|
|
|
|
Kirk 10389821 wrote: I took it to mean: "If I am storing a SECURELY ENCRYPTED file of sensitive data". Ditto!
You have just been Sharapova'd.
|
|
|
|
|
You are contradicting yourself. You say people are stupid by saying "depends on data" as it already says "sensitive data", but then you right a whole paragraph about how "sensitive data" can mean different things...
I'd say the most stupid of people are those that don't even understand what they themselves are saying...
|
|
|
|
|
|
PIEBALDconsult wrote: All data is sensitive. I have seen people storing (not theirs) pet photos/videos on the cloud.
You have just been Sharapova'd.
|
|
|
|
|
Nope, it isn't. I mean, take PI (π) for example - is that sensitive? I wouldn't think so. And now take your phone number...
How do you know sweet if you don't know about sour?
|
|
|
|
|
Don't they store your sensitive data in the cloud?
Am I missing something with this survey?
Should the question be are you encrypting sensitive data in the cloud?
|
|
|
|
|
Basically ... non-tech people tend to think very highly of cloud based storage. And I hear at least once a week the question about if it's secure (both as in privacy as well as in redundancy).
In both those cases it's an "It depends on TRUST" answer: "Can you TRUST the 3rd party company you give your data to? Can you TRUST their employees? Can you TRUST their redundancy and access control measures? Can you TRUST that they'll be available when needed? ..."
I've heard this one before, statement from a CEO: "We have very sensitive information in the order of several TB which we have to move to another geographic location. It is so sensitive that we will not trust a courier company. Which cloud service would you recommend?"
Exactly what does that CEO think a cloud service is? Some alien "god" company which doesn't have all the same issues as a human-run courier service has?
|
|
|
|
|
Great read! ...
Agree completely ...
A lot of companies want to go cloud based because “it’s the ‘in’ thing”, without truly understanding what risks their taking...
|
|
|
|
|
|
"Depends on the data you are storing" !?
can there several options for "sensitive data"? it seems someone wanted option #5 (NO WAY!) to be unattractive... i feel all score of option #3 should be added to #5.
|
|
|
|
|
Couldn't agree more. I had this WTE moment when I read the 3rd option.
If the survey was worded as "Would you recommend your clients store any of they data on cloud" ... then option #3 makes sense. Else it's contradicting the wording of the survey.
|
|
|
|
|
It just goes to verify how careless people are when dealing with information.
Either half the voters don't care about their sensitive information or they haven't a clue what the cloud represent.
I may be able to trust a company like Microsoft or Facebook, but there is no way in hell I will trust the system admin who is holding a master key to all servers.
|
|
|
|
|
Or they can't read properly - thus not understanding the question (don't know if that's worse).
I'd really like to know who chose #1, and probably #2 as well - just so I can avoid them like the plague. Well, perhaps #2 if you have come across some really decent and trustworthy company - you just might think similar is possible. At least those choosing #4 are honest in knowing that they don't know.
Re large companies ... I actually trust them less than small ones (all being equal). It's just a numbers game. All you need for your info to be leaked / stolen / abused / whatever is one single bad apple employee. The more employees a company has, the more chances that one of them is such bad apple.
|
|
|
|
|
Agreed. That's a bad option.
|
|
|
|
|
Perhaps those voters are thinking "It is fine to store other people's sensitive data in the Cloud, just not my own."
"When you don't know what you're doing it's best to do it quickly" - Jase #DuckDynasty
|
|
|
|
|
Company X may be trustworthy, but that makes them more appealing to company Y which isn't -- and who will buy them out.
|
|
|
|