Data losses from Google Apps have led many people to conclude that cloud applications are not secure enough for enterprise use. Google disagrees: even after a high profile leak took place at Twitter, Google believes its cloud applications are actually MORE secure than apps hosted in the corporate data centre.
In fact, says Eran Feigenbaum, Director of Security for Google Apps, moving data to the cloud is actually the answer to the most pressing security issues facing IT departments today – and it is only their obsession with keeping data on their premises that keeps them from seeing it.
When Twitter’s private data leaked to TechCrunch, the hacker apparently got hold of a Twitter employee’s Google Apps password. This was widely reported as a reason to avoid cloud apps. When Feigenbaum visited the UK this week, he came out fighting, arguing that security in the cloud is better.
In the first part of this report, he argues why the cloud is better.
Three security issues – and why the cloud answers them
“Why is security so tough, and why do companies spend so much money on security?” he asked a round table of journalists at Google’s London office. “There are three issues: 1. The data is everywhere. 2. The security arms race that patch management has become. 3. The scale and sophistication of threats and attacks they are having to respond to.”
These problems all come from traditional ways of handling data and applications, he says. “In the traditional model today, 60 percent of all corporate data is on unprotected PCs. One in ten laptops is lost or stolen in the first year. Sixty-six percent of us admit to losing USB keys, with 60 percent of those lost keys having corporate private data.”
“If you put data in the cloud, you don’t need to store it locally,” he says, adding that his Powerpoint presentation was written on three different PCs, was never saved on any local storage, and is delivered from the cloud. His laptop was once stolen from his car, the day before he was due to give a presentation on security: “I didn’t flinch. I got to work ten minutes early, and got another laptop. My presentation was in the cloud.” He still had his presentation, and no one else got access to it.
“By letting users do the right thing, you eliminate the need to take that data with you,” he said, “because you can access it any time, anywhere, with the security of the cloud.”
Patch management is also better in the cloud, he said. “It’s become an arms race, and chief security officers have accepted it because we know no different. Software vendors issue patches on a regular basis, and security officers have to consume those patches – Are they relevant to us? Do they break any systems? – and get them deployed on the relevant systems.”
It takes up to 60 days to deploy patches after they are released, according to most people, but security officers tell Feigenbaum it’s more like two to three months: “I gave a presentation with Melissa Hathaway, security officer for Barack Obama, and she said that one out of very six government PCs is still susceptible to the Conficker worm – and that patch has been around for six months.”
Page: 1 2
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
does not this sound like the days of terminal/mainframe computing where the data and applications that existed on the company mainframe were accesses via lightweight terminals. Then, as computers became so affordable people wanted them in the home, in the car, in their pockets and as they became 'thinner' clients we started to put our data on the cloud. This is all well for accessing and manipulating corporate data, each with its own cloud, but I think that 100 million plus users pouring personal data into a single cloud is a bit scary. poop and pee is what goes in the toilet.
Someone told me after reading this article that your data is always safer in the confines of your own basement than out in the cloud. My response:
Your data is only safer locked up in your basement until the basement floods. As long as you are responsible for the back-up, encryption, business continuance and disaster recovery plans (don't forget updating, administering, testing these plans and all the infrastructure involved in delivery of these services) than I have to agree with you that IN is safer than OUT. However, few organizations (even huge non-IT companies) have the resources to perform all I have explained above (and that's pointed out in the article). If they have the resources, they are hard pressed to perform better at a lower cost.
If you run a no-risk accepted business (like the military) then keeping your data inside is for you. However, every business runs with some level of acceptable risk and the cloud is just that, an acceptable minimal risk compared to keeping it all inside.