With the possible breech at LastPass and the Sony debacle this has been a very bad few weeks for the cloud. As one very senior IT manager said to me the other day if Sony can’t provide a secure cloud like infrastructure how on earth am I supposed to trust my company’s data to cloud based systems.
In the corporate world, as well as the consumer, there has been a big push to move things to the cloud lately. The generally weak economy has forced companies to look away from the traditional but expensive methods of self hosting services to effectively outsourcing them to the ‘Cloud’.
Now in many ways this could be a great idea if the ‘Cloud’ was truly a cloud. If for example your data was broken up and stored over many servers at many locations with redundant backups at other locations. Unfortunately for most services all moving to the cloud means is shifting the applications and data from one server farm, which you have control over, to another, much larger one, that you don’t.
When data is stored in a single location it is always vulnerable to attack from anything that can access it and particularly to internal access.
There are methods of securing data but anything can be broken eventually . Obviously the risks of such a breech can be alleviated by taking sensible precautions – storing personal data in an unencrypted file was certainly not a good idea on Sony’s part. Passwords should never be stored in any format that can be read or unencrypted.
I can see the last few weeks being a catalyst for a large number of corporates to reassess their cloud strategies. From a home user perspective it certainly makes me wonder if I want to store precious family photos on the ‘cloud’.
Now the title of this post is a little misleading because as I hinted earlier the true cloud concept isn’t totally broken and the advantages it brings in the ability to access your data and services from anywhere are huge. However I think everyone needs to just think a little more about what the cloud is actually supposed to be.