- First Five: Cloud
- First Five: Simple Security Issues
1. Cloud is not a puffy, white, nebulous thing in the sky: It’s a metaphor for machines and the internet.
Cloud might sound omnipresent and intangible, but it is actually a physical machine (or set of connected machines) located in an actual, physical place that we connect to via the internet. Cloud machines are usually very powerful and very fast. And usually in a giant warehouse (“datacenter”) somewhere, trying to stay cool. The term is from when network engineers were drawing a diagram (yes on paper, whiteboards, presentations) and wanted to designate something other than the metal machines located in the same facility as the terminals (screen-keyboard). (I think the drawing looked like a popped popcorn. So, we could have ended up calling AWS “Amazon Popcorn.” Which would have also been good business for Orville.) But cloud is not white and fluffy; no, it’s cold, hard, and black. Like the heart of Khan.
2. You’re probably using cloud—even if you don’t subscribe to it
While cloud is not omnipresent, the use of it is: If you use a smartphone, you’re using cloud. Google Calendar and Google Docs are cloud. Siri is cloud. Invite mom to a lunch date in Google Calendar, and while you can edit that info anytime, it is stored on a machine far away. When you say, “Hey, Siri,” you’re just accessing data (a contact’s phone number, directions to the theater, the fate of Alderaan) that you (for your contacts) or someone else (Apple Maps programmers and Wookieepedia) previously stored on a machine somewhere programmed to interact with your handheld computer.
3. Cloud can be more than just data storage.
Cloud is not just a place to store your stuff (iPhone pictures, for example); it’s also a place where you can create your stuff. Let’s compare Dropbox (storage) and Google Docs (storage+compute), for example. If you create a document on your computer (like in MS Word or Pages), save it in your machine’s memory, then upload it to Dropbox, and then you retrieve it and save it to your local machine again, that’s using cloud just for storage. It acts like a file drawer for something already written: you work on it outside the drawer with your own pen and paper; you put it in the drawer for safekeeping; you get it back out to work on it again—with your own pen and paper.
On the other hand, when you create your document in Google Docs, the writing and editing take place in the cloud, (e.g., using Google’s machine and software that you access via the internet). Cloud-based word-processing is like opening the file drawer (which doesn’t belong to you) to access the pen and paper that come with the drawer, working on your project in the drawer, and closing it when you’re done—leaving behind not just the document but also the tools (pen, paper) for working on the document. In this case, you’re doing your computing in the cloud, as well as your storage.
4. Cloud security 101: privacy and permanence
This is an overview, not advice. Where your data will be more secure is a complex, personal question.
Data security has two main aspects: “privacy” (“security from theft”) and “permanence” (“security from loss”). When you connect to the internet, you may be making compromises between the two.
Storage on your machine is generally more private—less susceptible to theft. This is especially true if you keep your data on a drive that is not often connect to the internet. On the other hand, a drawback of local storage is that it is more susceptible to loss—its permanence is more easily compromised. For example, your local drive could be wiped out by a lightning bolt or flood…or angry sledgehammer, but storing data in the cloud often means it’s on more than one actual machine (has redundancy).
But because cloud storage is always connected to the internet, is also connected to potential miscreants. While cloud providers usually are quite particular about security—and encryption and monitoring and such—cloud is, nonetheless, vulnerable to attack for the very same reason we love it: It’s convenient and easy to access.
And companies have some different storage and compute needs from individuals. So another thing that makes cloud attractive to companies, not just for storage but also for computing, is the number of cloud-based services geared toward making life easier for companies. If you pause for a moment and consider the piles of data even just a mid-size company (whether retail or insurance or transportation) deals in, you might see why cloud could be particularly advantageous. For one thing, companies will often need backup that is somewhere other than their main site so that, if there’s a disaster at headquarters, their business can still function. But while businesses usually invest in the expertise and effort to extra-encrypt and monitor their data (or the cloud service provides this), companies’ data is still vulnerable to hacking much like the data of individuals.
5. Cloud and privacy: Who owns your data in the Cloud?
When you upload your photo to Instagram or store your short story in iCloud, who owns your stuff? This is another aspect of privacy. And it varies by the type of data and where it’s stored. It might be addressed in the cloud provider’s fine print—or not specified at all. This is a question worth considering, so you go in with eyes wide open. But in some cases, the cloud service might actually own your work if you create it and/or store it on their machine. Or the government might be able to look at it more easily. For example, if your photos are stored on a hard drive in your house, it’s clear that a warrant is required to legally search for them. On the other hand, if they’re on a cloud machine, is a warrant still required? This question is not really settled, so just something to be aware of. It might be worth reading the fine print so you can make an informed choice about data storage in the cloud.
- PC Magazine, What is Cloud Computing
- InfoWorld, What is Cloud Computing (an overview of Cloud services, like Software as a Service—SaaS, and other “aaS”)
- Scientific American, How Secure is Your Data…in the Cloud
- Data Center Knowledge, Security Breaches, Data Loss, Outages…
- UC Santa Cruz, Security Breach Examples and Practices to Avoid Them
- Enterprise Storage Forum, 12 Reasons to stay On Prem