Yesterday I talked about my concerns about the security of my data if I store it in the cloud. It seems like an awful lot of faith to put in a third-party to expect it to protect my data. However, there is a flip side to that coin that suggests that maybe my data is better off in their hands than mine.
My security concerns stem mainly from taking data that I don’t want accessed by anyone but me (and maybe a handful of authorized people that I designate), and placing it out on the Internet. Sure, it is supposedly locked down, but it feels like taking my valuable possessions, putting them in a box with a padlock, and leaving it in the middle of Times Square.
There is a fallacy to this analogy. The idea that my box with the padlock is safer in my house than it is in the middle of Times Square is based on an underlying belief that my home is more secluded, and less accessible to potential thieves than Times Square. When it comes to protecting my data, it isn’t necessarily true that my personal computer is a safer place for my data than the cloud.
I do agree that it should be more secure, but whether or not it lives up to that potential comes with a number of variables that I am not really interested in maintaining. Security is a full-time process, not just a moment in time.
The data should be encrypted, and have permissions set to restrict access, but I also need to make sure that my operating system and applications are patched and updated to protect against known vulnerabilities that could be used to compromise my data. I need to stay informed of emerging threats, and new attack techniques, and I need to review log data, and monitor network traffic and data access patterns for suspicious activity.
When I store my data in the cloud, I still have to accept responsibility for the basic permissions and encryption, but the service provider handles all of the other facets of maintaining and protecting the data at the cloud data center. I have an entire IT department working on my behalf to make sure my data is protected – and those are resources I don’t have on my own.
It can be argued that my data is actually more secure in the cloud than it would be under my own stewardship. And, by storing my data in the cloud I get the benefit of virtually ubiquitous access from anywhere I can get a Web connection, and redundant backups so I am not trusting my data to a single drive that is prone to crash or fail.
If I store my data locally, it is in my direct control, but that doesn’t necessarily make it more secure. Basically, whether I store my data locally, or in the cloud, it is still ultimately my responsibility to secure it – but in the cloud I at least have the support of skilled IT professionals to keep everything updated and monitor for suspicious activity.
So -- to tie this back to the Times Square analogy -- the choice is between storing my padlocked box in my unlocked house with nobody watching it, or storing it in the middle of Times Square with an expert locksmith to maintain the padlock, and an armed security detail watching it 24/7 to make sure nobody touches it. Given that scenario, I think I’d rather have my box in Times Square.