In the light of recent revelations by providers of email, chat, social network, and cloud services about how often they’ve turned over supposedly private data, combined with almost daily news of various security breaches, we’ve been having a steady stream of questions from our customers about how safe the cloud actually is.
Bruce Schneier, a security technology expert and author of over a dozen books on the subject, was recently asked about cloud security in Computerworld and said, “You have no way of knowing. You can’t trust anybody. Everybody is lying to you.”
But this is what we in the IT industry, and in particular those of us involved in the early days of email messaging security (as MicroData was), have always known. As soon as you relinquish control of data or grant access to it, you invite others to mine it using software tools that are incredibly powerful and effective. You can’t extrapolate from what you, as a business owner, imagine to be possible or practical. Those concepts don’t apply.
So if you’re concerned, what can you do? A couple of simple things go a long way to keeping your information private and safe.
- If it’s really important, confidential, or valuable, keep it where you can touch it. That’s not to say that cloud data storage or cloud backup doesn’t have a place for some data, but if it’s not in the cloud you don’t have to worry about where it is. A great example was how the defense contractor Raytheon used to have certain employees remove the hard drives from their computers every night and put them in a locked safe. While at first glance that seems silly, they never had to wonder where the data was.
- Implement reasonable safeguards. I know, security isn’t fun, but security policies and safeguards are put in place for a reason. The number 1 security risk to your data is the actions of your employees, whether unintentional or not. Reasonable policies and safeguards can go a long way to keeping your data safe.
- Periodically review your organization’s data structures and see if they make security (and practical) sense and if they are, in fact, working. Many organizations start off with a good security stance but then forget about it, thinking that it’s been ‘taken care of.’