NO DOUBT ABOUT IT – there is a sea change happening as individuals and companies slowly grasp the upside of cloud computing. But I still get challenged at conferences: “What about the security risk? I have to know that my bits are safe. How do I know these service providers are not going to mine my data and exploit all my information?”
The short answer is that you don’t – no one does. But then again – where are my bits, and where are your bits? In general, we don’t have a clue. Everything from our banking details, passport, national insurance, tax, medical records are stored somewhere, but we don’t know where. And do we care? We don’t give it a thought. Perhaps we should – bankers have proven to be less than honest and many of our institutions seem to excel in losing memory sticks, hard drives and laptops with our private info.
My worst nightmare is that the companies and institutions storing my data have been foolish enough to assign it to one drive, drive set, rack or floor in a single physical location. If they have, they are naive in the extreme, and are putting me at risk along with everyone else.
Perhaps the most paranoid objection voiced goes like this: “I don’t want anyone else’s data on my hard drive.” Such a strong sentiment reflects a lack of understanding that is really worrisome, especially when some of the protagonists are employed in IT departments.
Personally, I hope my bits are mixed in with thousands of others and spread all over the planet on multiple drives backed up in multiple locations. Such a scenario is more secure, and it can be rendered extreme by variable encryption. How come? If someone steals a file, and manages to crack the layered encryption, that person will only have partial documents.
The best the thieves can hope for is a mere glimpse of the full picture. To get to the real meat, they need the context, which is spread across an impossibly large number of drives and locations. This may be an impossible nut to crack with today’s technology.
Like it or not, cloud computing is not going away anytime soon. It is going to grow, and as it does, it will become increasingly secure. Our data will become safer, and all the more so as it becomes more dispersed. And yet, I hear sensible people demanding that their in-house data has to be held on a company server, in a company building, on company soil, always to be under the company eye and control.
Why do people think this way? Perhaps it is just habit, or more about the illusion of control. Such thinking is delusional – none of us can control our own data, let alone that of our companies. The internet, servers and service providers are leaky buckets with data seeping out and in. The good news is that it is unpredictable and difficult to read. The real problem is one of trust and reputation. Who do you trust? Your bank, ISP, Google, HP, Apple or IBM ?
You might want to contemplate running with several providers simultaneously – that way, you can control some of the dispersement and add another layer of security. Reliability, resilience and security seldom come cheap but it is vital to spread data across the internet in a parsed format. But do we do it ourselves, or do we let others do it for us? I prefer the latter course, through a trusted intermediary.
To me, this is no different to keeping money under my mattress, using a bank, or carrying cash. It all about resource management and using service industries that organise bits on our behalf while saving us time and money.
Paradoxically, the last people to figure all this out might be those CIOs and IT departments stuck in business and operating modes cast in the 1960s. The cloud is coming and there are great advantages to be had – but we have to accept the challenge of change.
Peter Cochrane is an IT consultant and former chief technologist at BT