Monday, 3 October 2011

Cloud Data Security - When Facts and Myths Collide

'There is no way on earth that I would put my company's data on servers mounted in the Cloud. Not in my lifetime,' said an executive to me a couple of months ago at a Cloud Forum. I sagely nodded and agreed with his arguments. His company was a household named Building Society.

By the end of the conversation we had agreed, to his surprise, that his company actually had 13 business applications currently hosted in the Cloud, ranging from internet banking, comparison website feeds, websites, to HR platforms. In reality, what he meant was that the emails and general user data files, possibly ERP system, that company employees used were the sacrosanct area.

In looking him up later, I networked with him via LinkedIn after he had given me his business card. I noticed that he had put up his career details, the town in which he lived and his personal email address on his LinkedIn profile. I found him on Facebook too though I did not link with him.

It's an odd fact that most of us are content to make very important details available and make highly sensitive transactions every day over the web deep in the Cloud and we trust that our most personal and vital information is not compromised. We buy flowers, gifts, groceries, books, book holidays, buy flights add our credit card and passport details to sites, home phone numbers policy details - you name it we surrender it. It is usually for the convenience and herein lies the truth of it all.

The Cloud has very distinct advantages and personally we all are very much bought in as users with few exceptions, even in dealing with Government over the web or discussing our innermost secrets sometimes with almost complete strangers on public 'walls' where we even care to name our children and put up photos of them and our spouses, friends and family up.

Company's who specialise in acquiring competitive knowledge and doing due diligence actually glean most of their information from executives active in social networking or on other public sites.

We must be mad. But we're not. 

Yet when it comes to our company's interests, we are stuffy as heck. Why is that?

The person in question asks all his customers to put their trust in an externally mounted server somewhere in the ether through which they can access all of their banking data, pay bills, transfer money and even ask for loans and overdrafts. That same person, having taken our trust for granted, then votes against the same extraordinarily on behalf of his company's own data which arguably is nowhere near as sensitive.

It's at this point where facts and evidence collide. What is secure and robust for customer transactions is not secure enough for mere emails and general files.

I am not arguing that companies should bury all their fears and just break into the Cloud but I would strongly advocate that they reconsider their own bull. If the Cloud is secure enough for millions of transactions per second of commerce including that company's customers' data, then surely the same medium is secure enough for vast majority of intra-company emails and flotsam files?

Hmm, maybe I'm going mad after all.

No comments: