The Cloud, Day 21: My Data Might Be Safer in the Cloud

It seems risky to store sensitive data on the public Internet, but in many ways my data is getting better protection

Yesterday I talked about my concerns about the security of my data if I store it in the cloud. It seems like an awful lot of faith to put in a third-party to expect it to protect my data. However, there is a flip side to that coin that suggests that maybe my data is better off in their hands than mine.

My security concerns stem mainly from taking data that I don’t want accessed by anyone but me (and maybe a handful of authorized people that I designate), and placing it out on the Internet. Sure, it is supposedly locked down, but it feels like taking my valuable possessions, putting them in a box with a padlock, and leaving it in the middle of Times Square.

There is a fallacy to this analogy. The idea that my box with the padlock is safer in my house than it is in the middle of Times Square is based on an underlying belief that my home is more secluded, and less accessible to potential thieves than Times Square. When it comes to protecting my data, it isn’t necessarily true that my personal computer is a safer place for my data than the cloud.

I do agree that it should be more secure, but whether or not it lives up to that potential comes with a number of variables that I am not really interested in maintaining. Security is a full-time process, not just a moment in time.

The data should be encrypted, and have permissions set to restrict access, but I also need to make sure that my operating system and applications are patched and updated to protect against known vulnerabilities that could be used to compromise my data. I need to stay informed of emerging threats, and new attack techniques, and I need to review log data, and monitor network traffic and data access patterns for suspicious activity.

When I store my data in the cloud, I still have to accept responsibility for the basic permissions and encryption, but the service provider handles all of the other facets of maintaining and protecting the data at the cloud data center. I have an entire IT department working on my behalf to make sure my data is protected – and those are resources I don’t have on my own.

It can be argued that my data is actually more secure in the cloud than it would be under my own stewardship. And, by storing my data in the cloud I get the benefit of virtually ubiquitous access from anywhere I can get a Web connection, and redundant backups so I am not trusting my data to a single drive that is prone to crash or fail.

If I store my data locally, it is in my direct control, but that doesn’t necessarily make it more secure. Basically, whether I store my data locally, or in the cloud, it is still ultimately my responsibility to secure it – but in the cloud I at least have the support of skilled IT professionals to keep everything updated and monitor for suspicious activity.

So -- to tie this back to the Times Square analogy -- the choice is between storing my padlocked box in my unlocked house with nobody watching it, or storing it in the middle of Times Square with an expert locksmith to maintain the padlock, and an armed security detail watching it 24/7 to make sure nobody touches it. Given that scenario, I think I’d rather have my box in Times Square.

Read the Last "30 Days" series: 30 Days With Windows Phone 7

Day 20: What About Security?

Join the CSO newsletter!

Error: Please check your email address.

More about etwork

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts