Thursday, February 27, 2014

Why cloud data isn't as safe as you think


There's a good article on ZDNet by Robin Harris outlining the drawbacks of using cloud storage for corporate data.

Here's a snippet of that article:
Serious cloud users know the vendor story: multiple datacenters, geographically distributed; advanced erasure coding that is better than RAID 6 (which I've discussed); multiple version retention; checksums to ensure data integrity; and synchronization across devices. What could possibly go wrong?

Plenty
As has been documented, client-side corruption is all too common, so the cloud will carefully preserve and spread corrupted data. If you crash during an upload the data may be inconsistent - but the cloud doesn't know that - or the cloud may fail to sync changed files.

Worse, clients cannot typically preserve dependencies between files since uploads are not point-in-time snapshots, creating unexpected and unwanted application (mis)behavior. A group of linked databases - say, between CRM, ERP and distribution systems - could end up inconsistent due to piecemeal uploads of changes at different times.

The basic issue is that the loose coupling between the local and cloud file systems leaves data less protected than users - or cloud vendors - like to admit. Like most problems it is fixable, once we admit we have a problem.
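The snippet above describes two failure modes a per-file checksum cannot catch: a crash partway through uploading a set of linked files leaves a torn set in the cloud, and a file corrupted on the client before upload is preserved faithfully with a checksum that matches the corrupt bytes. The following is an added example, not code from the ZDNet article or its author: a small in-memory model of a sync client and its "cloud" store that reproduces both problems, then shows the fix the article hints at, a content-addressed upload committed by a manifest so a snapshot either appears whole or not at all. The file names (`crm.json`, `orders.json`), the record layout, the sha256 manifest scheme and the sample data are this example's own assumptions.

```python
# Added example (not from the ZDNet article): model of a naive sync client
# versus a manifest-committed snapshot upload. All data is constructed.
import hashlib
import json


class CrashDuringUpload(Exception):
    """Simulates the client dying partway through a multi-file upload."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def linked_records(version: int) -> dict:
    """Two files that must agree: orders.json references a customer id that
    has to exist in crm.json. Constructed sample data; version N uses id 100+N."""
    cust_id = 100 + version
    crm = json.dumps({"customers": [{"id": cust_id, "name": "ACME"}]}).encode()
    orders = json.dumps({"orders": [{"id": 1, "customer": cust_id}]}).encode()
    return {"crm.json": crm, "orders.json": orders}


def naive_sync(cloud: dict, files: dict, crash_after=None) -> None:
    """Per-file upload with a per-file checksum; the set of files is not a unit."""
    for i, (name, data) in enumerate(files.items()):
        if crash_after is not None and i == crash_after:
            raise CrashDuringUpload(name)
        cloud[name] = {"data": data, "sha256": sha256(data)}


def per_file_checksums_ok(cloud: dict) -> bool:
    """What a vendor's 'checksums ensure integrity' claim actually verifies."""
    return all(sha256(obj["data"]) == obj["sha256"] for obj in cloud.values())


def cross_file_consistent(files: dict) -> bool:
    """Application-level invariant invisible to per-file checksums:
    every order must reference a customer present in crm.json."""
    customers = {c["id"] for c in json.loads(files["crm.json"])["customers"]}
    orders = json.loads(files["orders.json"])["orders"]
    return all(o["customer"] in customers for o in orders)


def snapshot_sync(store: dict, files: dict, snapshot_id: str, crash_after=None) -> None:
    """Content-addressed blobs first, manifest last. The manifest write is the
    commit point: a crash before it leaves orphan blobs, never a torn set."""
    blobs = store.setdefault("blobs", {})
    manifest = {}
    for i, (name, data) in enumerate(files.items()):
        if crash_after is not None and i == crash_after:
            raise CrashDuringUpload(name)
        digest = sha256(data)
        blobs[digest] = data
        manifest[name] = digest
    store.setdefault("manifests", []).append((snapshot_id, manifest))


def latest_consistent_snapshot(store: dict):
    """Newest manifest whose blobs are all present and hash-verified, else None."""
    blobs = store.get("blobs", {})
    for snapshot_id, manifest in reversed(store.get("manifests", [])):
        if all(d in blobs and sha256(blobs[d]) == d for d in manifest.values()):
            return snapshot_id, {name: blobs[d] for name, d in manifest.items()}
    return None


def torn_upload_demo() -> dict:
    """Crash after uploading crm.json v2 but before orders.json v2."""
    cloud = {}
    naive_sync(cloud, linked_records(1))            # consistent v1 in the cloud
    try:
        naive_sync(cloud, linked_records(2), crash_after=1)
    except CrashDuringUpload:
        pass
    synced = {name: obj["data"] for name, obj in cloud.items()}
    return {"checksums_ok": per_file_checksums_ok(cloud),
            "consistent": cross_file_consistent(synced)}


def corrupted_client_demo() -> dict:
    """Client-side corruption: flip a digit of the customer id before upload.
    The cloud keeps it faithfully and the checksum, taken over the corrupt
    bytes, still passes."""
    files = linked_records(1)
    bad = bytearray(files["orders.json"])
    bad[-4] ^= 0x02                                 # constructed bit flip: 101 -> 103
    files["orders.json"] = bytes(bad)
    cloud = {}
    naive_sync(cloud, files)
    synced = {name: obj["data"] for name, obj in cloud.items()}
    return {"checksums_ok": per_file_checksums_ok(cloud),
            "consistent": cross_file_consistent(synced)}


def snapshot_demo():
    """Same mid-upload crash with manifest-committed sync: v2 never becomes
    visible and the consistent v1 snapshot is what a restore would see."""
    store = {}
    snapshot_sync(store, linked_records(1), "v1")
    try:
        snapshot_sync(store, linked_records(2), "v2", crash_after=1)
    except CrashDuringUpload:
        pass
    return latest_consistent_snapshot(store)


if __name__ == "__main__":
    print("torn upload:", torn_upload_demo())
    print("corrupt client:", corrupted_client_demo())
    print("snapshot restore:", snapshot_demo()[0])
```

The manifest only fixes torn uploads; the corrupted-client case still passes every checksum because the hash was computed over bytes that were already wrong. Catching that needs either hashing at the point the application last knew the data was good, or an application-level invariant check like `cross_file_consistent` run against what actually landed in the cloud.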

I draw your attention to the comments placed below the article:

Good work
'The Cloud' has got to be the biggest rip-off ever. I can't wait to shout out 'told you so'. The sheep that can't think for themselves, the weak IT managers that should be standing up and fighting for security over keeping the ants happy, the moron media that write about tech to look cool but actually know very little and have virtually no hands-on experience. If you are a muppet, then get into 'The Cloud'. If you have no family and kids and are a Financial Controller or IT Manager then join the war on putting things right. I say no family or kids because you will be fired as soon as you stand up for all the things that are good and great about IT and humans. BYOD and 'The Cloud' is not one of them. Get your own datacentres, your own servers, 2 firewalls with DMZ and honeypots, forcefully educate your staff and your kids about security and being proud to protect data and systems. Hire security guards to pat down and forcefully remove all tech from visitors to stop espionage and photography. Back up to tape drives, not someone's server who you don't know and have no clue where the data is. Are you thinking this is over-the-top? Oh no, this is the minimum you should be doing. But of course many of you will do nothing. Not until all your data is deleted or changed or corrupted or ransomed. Educate, educate, educate (and start with yourself).

User: philswift

My two cents worth:
Corporate organisations are inherently insecure. Bad passwords, unrestricted use of portable storage (USB) devices, smartphones used as storage media, unpatched operating systems, out-of-date anti-virus software, phishing emails, web bots, trojans, and the list goes on. The common factor in all of this is humans. Your staff, to be precise, are usually there to do a job. Do they spare a thought for your data security? Some of them can barely speak English, let alone type in a complicated password. But management insist they need to work on a computer in order to meet the company's 'automation' goals.

So your board of directors say let's shift that to 'the cloud'. That way we can sleep peacefully at night and our data security becomes someone else's problem. If anything happens we can sue them. You may or may not be aware that the Target data breach happened because they outsourced the cooling and lighting control of their stores to a vendor that promised a saving on the electricity bill. The breach came in through that third-party vendor: it had VPN access to the control servers on the Target network. It is not clear how the vendor itself was compromised, but someone got hold of its VPN credentials.

Cloud vendors all promise that they adhere to strict security protocols. How many of them use third-party vendors for their cooling and electricity supplies? How many of them outsource their security camera monitoring and alarm systems? Their door locks and swipe card systems? Their fire control and gas/sprinkler systems?

I once had contact with a company that used swipe cards on all their doors. It looks really impressive when their guests are shown around their operations. The whole system was run from an old Windows XP machine sitting in the server room. Access to that room needed a swipe. The XP machine didn't have a UPS. In the event of a power failure, the servers still ran for a short time, but not the XP machine. Everyone was locked out and the IT manager would not have had access to the server room to gracefully shut down the servers. What this illustrates is the need for management to show off their prowess in all things technical. It looks great from the outside, but it is a trembling house of cards waiting for a stiff breeze on the inside.

Now what guarantees do you have that your cloud provider is not the same? How many so-called cloud providers actually have a data centre of their own? Most use third-party data centres. And the list goes on. It's all smoke and mirrors.

So what's the solution? It's not easy, but you need to segment your networks. Use TCP/IP the way it was intended. Educate your staff properly. Make use of the skills of penetration testers. Don't jump at every high-tech solution that may not be necessary to your business. Make use of a 'competitive advantage' strategy in IT. In other words, don't do what your competition is doing. Do it differently. Use operating systems other than the industry-standard Windows. Don't pay buckets of cash for off-the-shelf solutions when you can employ someone to write one specific to your organisation. All of these steps make it harder for a hacker to get to your data.

Unfortunately it may be all too late for IT that has become entrenched in large corporations. It's possible that only the small startups will have their feet firmly planted on the ground after all the lessons learnt from 'big business' with its head in the clouds. The future is not that certain. The only certainty is that change will take place.
