Ask Slashdot: Is Your Data Safe In the Cloud?

With so much personal data being kept on the cloud, including government and health records or your source code, do you have any concerns about it falling into the wrong hands? Do you think the cloud's benefits are outweighed by continuing security issues?

Government action

[OhHellWithIt]

I believe that government seizure/examination of cloud data is even a bigger threat than hacking. With a court order or -- as we have seen in the past few years -- even without a court order, a trustworthy cloud operator could be forced to turn over our data. The article a few days ago about foreign governments being reluctant to sign onto cloud computing with an American company because of the potential for snooping into their data illustrates the point even further.

Re:Government action

[Jibekn]

False, Google "Twitter Search" Second link.

hosting company’s gets the wrong server

[Joe_Dragon]

Now this story shows that the hosting company's can get mix up and do you want to take that risk with your data??

http://thedailywtf.com/Articles/Remotely-Incompetent.aspx

Re:Who asked this question?

[rbowen]

I didn't get to pick the question, if that's what you're asking. Presumably, if I had, it would be more about Open Source. I believe the question was chosen by the Slashdot editorial team.

Is your data safe in the cloud?

[salparadyse]

No.

Re:ABSOLUTELY !!

[tepples]

"Cloud" refers to a symbol used in network organization charts and data flow diagrams to refer to a connection across a large network. Something being "in the cloud" is on the other side of this symbol, namely on leased servers in someone else's data center.

Re:ABSOLUTELY !!

[Dexter+Herbivore]

"Cloud" refers to a symbol used in network organization charts and data flow diagrams to refer to a connection across a large network. Something being "in the cloud" is on the other side of this symbol, namely on leased servers in someone else's data center.

In other words, it's what we used to call 'the black box'. Once data enters the black box, it shouldn't matter to the app.

Re:A little telling

[rbowen]

What does Source Forge do that is above and beyond the call of duty to protect user information? Have you guys had any data breaches that you haven't disclosed, or fully disclosed? What would you have done differently in hindsight?

When we have attacks, and compromises (which has happened in the the past) we report in detail on it in the blog. Here's one example: https://sourceforge.net/blog/update-sourceforgenet-attack/

As with any company, these sorts of things have a procedure that we have to follow, and I'm checking with the people along that trail to see what I should say in response. There haven't been any compromises or attacks during my time at SF, so I don't have any personal experience as to how we respond to this, but I've asked some of the guys on our engineering team to help me put together a response to this question.

Mass noun

[tepples]

"Data" is plural in Latin, but in common English usage, "data" has become a mass noun. One says not "two data" but "two points of data". If you insist on inflecting the verb to match the Latin plural, do you plan to say "datôrum" for "of the data" and "datîs" for "from the data" or "to the data"? Or do you use "data" to mean gifts? Of course not; that'd be the etymological fallacy.

Re:Who asked this question?

[PerlJedi]

For what its worth, I personally agree with you.

Re:Who asked this question?

[PerlJedi]

That would be a bug, not a conspiracy. I'll see to it gets fixed.

Re:Who asked this question?

[samzenpus]

We is the other two editors and myself. I wrote a few initial ideas and then it got passed around. I'm not sure if my boss picked the topic or someone at SourceForge. As rbowen eludes to in a thread above, this is a sort of test run to work out the kinks, but we still wanted to get a decent discussion going.

Re:A little telling

[rbowen]

Here's a little more information from our legal folks:

A: Earlier this year, we went through a pretty robust process to receive our Truste certification which covers privacy, security and safe harbor (our privacy policy is located at ADD LINK). We are continuing to look for ways to improve our security controls and protect user personal information. We did fully disclose an incident early in 2001 and the details and what we did about can be found at: http://sourceforge.net/blog/sourceforge-attack-full-report/

They also recommended that I point you to our corporate privacy policy, here: http://geek.net/privacy-statement

Re:maybe more secure

[Martin+Blank]

NIST published SP800-145 (PDF warning) in October with their definition of cloud computing:

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

There is an expanded section covering an additional 1.5 pages describing:

• Essential characteristics
  • On-demand self-service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Measured service
• Service models
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
• Deployment models
  • Private cloud
  • Community cloud
  • Public cloud
  • Hybrid cloud

OK, so it's not the best-formatted list (I blame Slashdot), but it makes the point. The document is short and abstract, but it at least tries to give a coherent response.