This seems to be a case of a catchy headline that has little to do with the content of the story and an interesting fashion in journalism driven by the need to grab eyeballs on the web. This was the style for tabloids in supermarket checkout lanes for the same ends but seems to have found a new home in online news publications. Huffington Post comes immediately to mind as a primary culprit.
What are listed are ten areas of concern for potential attack most of which are tied to social media, smart phone, USB devices and tablets, and the continuing evolution of phishing and botnet exploits on the web in general. This is another inevitable bit of confusion in defining or failing to define"Cloud Computing". The Cloud, of course, is simple shorthand for the Internet. In that sense these are cloud related threats as they all exist on the Internet. But the term Cloud Computing is obviously no longer just another term for the Internet (why use two words when one will do). People increasingly understand this to mean the use of the Internet for processing your own information (running programs) and/or storing your information on line. A careful look at the above article then produces only two of the ten items that are Cloud Computing related. These are:
8. Cloud computing concerns. As more data is distributed around the Internet in the so-called “cloud,” opportunities for data infection or theft will grow.
9. Data exfiltration and insider threats. People will always find ways to anonymously leak private information. . . .
Obviously I'm being generous in including 9 as it predates the Internet by a long way. Insider access is the basis for the vast majority of data loss, data destruction, and the creation of "back doors" to allow botnet or other attacks. Number 8 seems to be the old warning that if you don't want the wrong people to have your data then don't give it to anyone. So there.
So what are the real threats of Cloud Computing and how do Cloud Computing providers (of which we are one) assist you in addressing the evolving threats to your data? To answer this question requires some defining of Cloud Computing. There are two major forms of Cloud Computing: 1) Software as a Service providing the programs that you use to work with your information from an online provider and 2) Infrastructure as a Service which provides the computing power online with which you can run programs and store your information. The first is what most people think of when they hear the term Cloud Computing and the second is what most businesses actually use for Cloud Computing. Of course there is a good bit of overlap possible in these categories but understanding that is very important to understanding how to keep your data clean, safe and only available to those who you wish to access to your data.
To put it in clearer terms SaaS (Software as a Service) is using the Internet in general as your computer and letting others provide the functionality and storage that you need without any regard to location.
Facebook is really the face (ok, I couldn't help it) of SaaS for most people. Facebook controls the information you give them and allows you to do different things with your information and your list of friends. In exchange you have no idea where your data is stored or who may have access to it. SaaS providers are constantly updating and redefining their privacy and data security terms to try to make you comfortable with their care of your information. There is a clear problem with this, however, because they want to use your data and they want you to use their functionality in more and more ways. They can extract secondary information from how you use your own and other peoples data which they can use to make money. That's a whole other story. The point is that your data is anywhere and everywhere and you are not paying attention to where or how they are processing your information. Obviously businesses limit their use of social media to marketing, sales, and public relations or if they don't they should.
Infrastructure as a Service provides computer and storage resources dedicated to the user. This is much closer to the traditional way that we purchased and used computers from the beginning of the Information Age. IaaS simply eliminates the physical boxes and creates virtual computers and drives for storage in a data center that you control through the Internet. This has much greater potential security because you are controlling not just your information but the computer processing resources that work on your information. With Islanda (small plug) you actually get to know exactly where your data and computer resources are housed. With large national companies such as Amazon or Rackspace you don't get that information and control. With SaaS you are handing your data out to the Internet for someone to provide processing and storage of that data where they please. With IaaS you are dealing with the processing power and storage itself and you control the software that you use to process your information. When thought about this way the difference in potential security problems is much clearer.
It would have been nice if an article titled "Cloud computing a 'superhighway for cyber crime'" actually said something about cyber crime and Cloud Computing but it didn't even define the terms. I will pick this up again in a future post on how Cloud Computing greatly improves your security and ability to avoid problems. Let me know if you have specific questions about security and Cloud Computing.
You can always reach me at the email above to talk about any of these things.
0 comments:
Post a Comment