Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Is Your Data Safe In the Cloud?

Posted by samzenpus on from the silverish-lining dept.

With so much personal data being kept on the cloud, including government and health records or your source code, do you have any concerns about it falling into the wrong hands? Do you think the cloud's benefits are outweighed by continuing security issues?

5 of 332 comments (clear)

  1. Re:A little telling by Hadlock · · Score: 5, Interesting

    Well, we were pissed about the experts not being expert enough -- so here goes nothing -

    What does Source Forge do that is above and beyond the call of duty to protect user information? Have you guys had any data breaches that you haven't disclosed, or fully disclosed? What would you have done differently in hindsight?

    --
    moox. for a new generation.
  2. security... from what? by carbon_tet · · Score: 5, Interesting

    I am a lawyer, and the thought of trusting my data to the cloud makes me very nervous for several reasons.

    1. Government access. If you trust the government to keep its hands off of your securely stored data, you are living in the 1960s. Federal and (most) state governments are too tempted by the possibility of using your data for good purposes to actually keep their hands off it. Employees (like the FBI) will peek at it, especially if you're famous. They will run "searches" to see "what comes up" and get a feel for whether the government needs to do something. Data should never be stored -with- the government, and government should be expressly forbidden from getting access to it after it is generated. They should be required to give you notice each time that they access your data and describe to you what they are looking for in it when they inevitably -do- access it.

    2. Outside threats. I'm thrilled every time I read about botnet attacks and Anonymous hacks that get into some individual's or company's private data. (Sarcastically...) "Yes, I believe that my externally stored data is safe from outside intrusion and will not be stolen by criminals." No, I don't believe that. There is no routine requirement for encryption in business environments. If there isn't a robust, national / industry-wide data encryption plan that makes it easy for the end-user (the person whose data it -is-) to protect and access the data, I think that the cloud is too risky for storing really important information, rather than just having my music collection stored in iCloud or Amazon's service.

    Also, email security, to me, seems to be a joke. Here, I don't worry about breakins to get at my information, although that has happened at many email providers. Rather, I worry about internal inspection of my information. I use Gmail, but I don't believe for a minute that Google, (or Facebook, which I don't use) doesn't sometimes run statistical analysis of the email stream or the google search bar terms I use to learn more about me. It's their business to know more about me so that they can make money advertising to me. You can be sure that they test their AdSense algorithm improvements on my data to enhance the chances that I'll click on an ad and make them a few per thousand clicks.

    I will use the cloud as a backup with services like MozyPro, but only if I can have assurance that my information (my clients' information, really) is locked down tight. To my mind, "ease of access" from storing information in the cloud equates all too readily to "ease of theft" where the thieves don't even have to leave their desks in Mountain View or Moscow to "reach out and touch someone" (apologies, ATT). I much prefer to make the thieves go to all the bother of getting up and coming to my house or office to steal my data.

    --
    Carbon_Tet
  3. Re:Government action by rbowen · · Score: 5, Interesting

    Yes, to me this is a much bigger concern than something intrinsically secure/insecure about cloud computing. By entrusting my data to a third party vendor, I make it one step easier for the government to sieze it. With the kinds of legislation that's being debated even this week, I worry that any data I entrust to a vendor might eventually be subpoenaed, and I wouldn't have any recourse.

    And hosting that data elsewhere (ie, outside of my country) doesn't necessarily solve anything.

    On the other hand, the benefits of the cloud - a scalability that I can never achieve "at home" - enormously outweigh this concern in most cases. When it comes to confidential data, however, the question becomes much less obvious.

    --
    Apache guy, Open Source enthusiast, runner
  4. Re:Possibly better trained than me? by Samalie · · Score: 5, Interesting

    The key phrases of your entire post are "I would like to believe..." "In theory..." "....seem to do a good job"

    The reality of it...really...we, as sysadmins turning to "The Cloud", have no real bloody idea how good the people there are. And lets face it...there are rogue sysadmins everywhere (just like rogue accountants, etc). Sure, its a serious minority of people, but they exist.

    If I have a rogue sysadmin at my office, my data is in danger (whether by accidential/intentional destruction, leaks, theft, etc). At aq major cloud provider, hundreds, if not thousands of company's data is at risk.

    There are definite cases for The Cloud...I have my antispam services in the cloud for example. The economy of scale meant that they could do a better job for the same price as I could internally. If you are a retailer with an e-comm presence, having the ability to instantly scale up your processing power based on need at a given moment (ie..Black Friday/Cyber Monday) without having to buy hundreds of thousands of dollars of equipment that is rarely used is a good thing.

    But throwing my day-to-day operations and database to the cloud? I have no need, and I can provide the services to my company far cheaper than any external provider. Last time I priced it out, I could entirely re-do my entire computer infrastructure (Servers, desktops, switches, routers,etc) every 2 years for the extra cost of having it hosted for me. I'd be a fucking retard to do that.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  5. Re:Government action by VortexCortex · · Score: 5, Interesting

    "Becomes less obvious"

    No it doesn't. Well, not to me. I just encrypt my data and store it in .JPG, .TGA, .PNG image's exif or "developer's area" data, then upload it to Sourceforge, GitHub, PirateBay, etc. and share it with the whole world. Since the images can't be transcoded in my open source projects (or else SHA-1 hashes don't match in the repositories), the data is pristine, verifiability tamper proof, and everywhere for me to re-download, decrypt, and use (so long as my projects remain popular).

    I didn't see anything prohibiting this practice in the EULA... Still, I thought it best if the data was actually used for something. Turns out encrypted data makes a really good and fast pseudo random number generator lookup table, although it does eat a bit of disk space.

    Now, if you want to narrow your definition of "cloud" to only services that do re-encode and compress my data, not allowing encryption or lossless images -- Well, I'd argue that those aren't storage solutions so much as storage problems.

    Lately I've been hosting my data with friends and family, and they host theirs with me. Altogether we've got quite a bit of redundancy and geographic coverage. While I may not be able to get as reliable a service "at home", at all of our homes, I've achieved even higher uptime over the past year than Sourceforge.org has had... My custom solution involving deduplication (hey, we're family we can ACTUALLY trust each-other with some things) and other FSYNC like features is not ready for prime-time yet, but when it is, I plan to TAKE BACK THE CLOUD -- For free.