Sorry to interrupt your busy day but does anyone know anything about Cloud security?
It’s the question that has been asked since off-site data storage was first contemplated. Sticking data up in the ether solves a lot of problems but what are the legal/governance implications?
If it were a question asked by Stephen Fry on TV programme QI, Alan Jones would hold up his little paddle with “Nobody Knows” written on it. I defy anyone to muddle through the conflicting edicts of the US and the EU and to come up with some cast-iron, incontrovertible truth.
On the west of the great pond, we have the American authorities who claim access to any data held by US companies anywhere in the world – even if the data does not belong to the company. Heading East, we have the EU which effectively says that data is sacrosanct and should not be stored where anyone else can gain access to it.
The answer of course is to encrypt your data before committing it to a cloud storage system, keeping the keys carefully locked away on terra firma. That’ll fix ‘em. Now, we have the storage sorted, let’s move on to the applications. Ah, just a minute.
Seems we have our data encrypted and an application that wants to use the data – who would have guessed?
So, the keys go up in the Cloud and the cloud of mystery becomes one with a silver lining for the US authorities. The problem with encryption in the cloud is that data won’t work with applications unless it is decrypted. This makes the data vulnerable as it is decrypted, which is arguably a risk worth taking, but it also means that the keys have to be used where they can be snatched by the authorities.
I have no doubt that the FBI, CIA or any other US protection service would not use their powers for US commercial gain – but the US business armlock may be weakening as the Chinese flex their new-found financial and commercial muscles. Which also raises the aside of what would happen if a Chinese company acquired your cloud provider. It’s not happened yet, but it almost certainly will.
Anyway, the US will fight to keep its role and a future administration might not be so selective about who can access the Cloud-stored data. It would be a rich source of intelligence for industrial espionage – which is precisely why the EU is trying to block such moves.
When security is discussed, the talk tends to pin itself around the periphery of the company. Now the Cloud is part of that the edges have been adjusted accordingly. The “thing” that the cloud vendors do not willingly discuss, unless asked, is who has access. A typical answer is that no-one – not even our staff – has direct access to your information. And nobody sees the spook in the corner of the server room.
E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…
Supreme Court in US on Friday is to hear oral arguments that could well decide…
Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…
As US ban looms this month, TikTok faces a buyout offer for its US assets…
Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…
Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…
View Comments
Well said Eric Doyle.