This week we had an interesting meeting with Google. The company said more or less what we expected: cloud services are the way forward, and in-house data centres are over.
That same day, we got back to the office to find news that added a whole new perspective to the meeting: heard the Ministry of Defence had lost an entire server from a secure data centre.
What was the connection? Well Google had been fighting back against the widespread perception that cloud services are not secure enough for large organisations – and its argument was spirited. Cloud services aren’t less secure, said Google Apps security boss Eran Feigenbaum: they are actually more secure.
In the cloud, data is accessible to anyone who has the password, and that includes anyone who can guess it, crack it, eavesdrop it, or fool or force it out of you. So it seems obviously less secure.
But consider the extent to which “non-cloud” companies expose themselves. Users are expected to work anywhere, and that means accessing business systems over the Internet. Sometimes this might be over an encrypted VPN, but very often it isn’t.
The majority of publishing companies I have worked for in the last ten years have a publishing system on a publicly accessible URL, which users can access using a username and password. That’s the price of asking journalists to contribute when they are on the road. And other business tools such as CRM and ERP have to be equally accessible for mobile workers.
Company email systems including Microsoft Outlook may run on company servers inside the perimeter, but they include a webmail option, whereby a user (or anyone else who knows the password) can access the system over the web.
So most companies are already in the cloud, whether they like it or not. But they’re doing it in a far worse way, because the devices they carry around are stuffed with files and attachments. Better to accept the data is mobile, and concentrate on keeping it in the cloud and securing the cloud.
Now, to my mind, that means we’ll inevitably have to start applying two-factor authentication – UK banks already do it for customers, issuing them with authentication Chip and PIN devices to use in the home. But companies in the cloud don’t often do that. Even Google doesn’t, to judge by Feigenbaum’s attempts to dodge the question.
So should we wait and see how cloud security pans out? Actually, I don’t think so. While we are doing that, we are all losing gigabytes of data on USB keys and laptops (sometimes as many as 20 percent of the company’s laptops).
And, as if that’s not enough, the MoD has proven that, even if you keep hold of all your laptops, someone is going to walk off with your servers.
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…
View Comments
Nonsense. What about responsibility and accountability? Clouds = Big Brother. Who do you call when you think there has been a security breach? Ghostbusters? If there were a breach of our data there is a single point of contact who is responsible. An employee. A trusted individual who is responsible and accountable. Most importantly the CEO trusts that individual. Clouds will never be secure enough. They represent a danger to everyone as breaches can be hidden by corrupt insiders.