Cybersecurity

Not All Clouds Are Created Equal

Data breaches have always existed. They certainly predate computers, strange as that might seem, because a “data breach” is simply when information (usually of a sensitive nature) gets into the wrong hands. As long as humans have been storing information of any kind in any way, there have been other humans who have tried to steal it. That being said, since the inception of computers and the ensuing “information age,” data breaches have grown exponentially, and public awareness of them has followed suit.

Data Privacy Violation Concept

Lightspring / Shutterstock.com

It makes sense, of course. The more we use computers and the Internet, the more data we create, consume, share, and attempt to hide. The more data there are out there, the more inherent opportunities there are for breaches, just from the mere existence of those data. And in fact, estimates tell us that this year, more than a third of all data will live in or pass through the cloud. Think about that: In a time when there’s more information than ever, over a third of all information that exists will live or travel online. It’s a staggering thought, given the risk inherent in cloud computing.

And there is risk inherent in cloud computing. The more points of access any data storage space has, the higher the risk. The cloud, by its very nature, has more points of access than a computer at home that’s not connected to any Internet source. Combine that with the many frightening data breaches splashed across the headlines—including major companies like Sony, credit card companies, and even our own government—and it’s easy to slip into an all-or-nothing mind-set. We might be tempted to just label the cloud as too dangerous or risky; we may just be too afraid to use it at all.

The problem is that that’s kind of like saying we should be afraid of buildings because buildings aren’t secure. “The cloud” is better referred to as “cloud computing,” and it’s not a monolith. It’s a variety of services and tools that are available on the Internet—as opposed to directly, physically connected to a server on premises. For some readers, this is a well-known fact. But because some media report on “the cloud” as though it’s one, giant thing, some readers might be left puzzled. The reality is that every service has its own “cloud,” and each has different levels of security based on the measures the creators and consumers take—just like buildings.

There are certainly some buildings that are dangerous, some that we should even be frightened to use; and we can certainly point to a history of dangerous break-ins to support this fear. But do we eschew buildings altogether? No—that would be ridiculous. We all have an inherent sense that there are different levels of security that vary from building to building; we know the Pentagon is more secure than, say, your backyard shed. We also have some element of control over the security in our own buildings. After all, 90% of all data breaches are caused by human error, and 36% of those are caused by misconfiguring our databases.

Any Site You Give Information to Has a ‘Cloud’

Technically, any website that collects your personal information now stores that information in the cloud. It stores it remotely, on the Internet, on its own set of servers or data storage. The question you have to ask yourself is this: Is it prepared to protect it? And are you prepared to trust it with that responsibility?

Most of you reading this probably make this assessment instinctively. If Facebook were to ask you for your Social Security number (SSN), you would likely decline—you know it doesn’t need it; it’s had breaches in the past, and it simply isn’t worth the risk. Then again, if you’re filing your taxes online and the site requests your SSN, you’d be much more likely to comply. You know the site needs it to do what you’re asking it to do, and if you’ve chosen well, it’s a site that has immense security measures in place.

You instinctively trust some sites but not others. But if you want to really avoid the dangers of the cloud, you likely need to raise the bar on which sites actually earn that trust. Err on the side of suspicion; if a site can’t show you how secure it is, don’t risk giving it your personal information. Many people would rather err on the side of convenience; they want the service the site is offering, so they just assume it’s safe without actually checking into it. Be shrewd. Scrutinize every site before you give it your trust.

Public Cloud Vs. Private Cloud

The biggest difference here in any type of cloud is whether it’s public or private. You might be aware that you can create your own private cloud; this cloud, in the form of a virtual private network, is the most secure option of all because you control access, configuration, and data management. You can double-check for yourself that the security meets your high standards and then proceed to store or share whatever information you deem appropriate.

Of course, the reality is that some public cloud use is necessary if you want to maintain any access to the valuable array of online services out there. Using rideshare apps, banking apps, and social media or even just ordering something on Amazon means you’ll have sensitive private information on a cloud that’s not yours—a cloud you can’t personally control. And that’s OK. Just make sure that cloud is worthy of your trust.

alt link text Francis Dinha is the founder and CEO of OpenVPN, a provider of next-generation secure and scalable communication services. With over 60 million downloads since 2002, OpenVPN’s award-winning open source VPN protocol has established itself as the de facto standard in the networking space.

Before he founded OpenVPN, Francis was the CEO at Iraq Development and Investment Projects where he played a principal role in architecting a joint venture to win the mobile communication license in Iraq. He has served as an architect and broadband system engineer at Ericsson, where he worked both in the U.S. and Sweden. Francis was also the founder and CTO of PacketStream, a company whose patented technology enabled dynamic Quality of Service provisioning of IP networks. Francis has a Master of Science in computer engineering from the University of Linkoping in Sweden.

You can find Francis Dinha on LinkedIn and Twitter.