Is the cloud a better place for our data?
Summary
Topics
As consumers, we have two options of storing our digital data: locally or elsewhere in the cloud. A good analogy would be the option of storing your savings under your mattress or in an online bank. Of course, that decision is a personal one, but it is also commonly confused by technical discussions that are not really interesting or important to laymen. In the case of the Sidekick outage, discussion has been skewed because subtle but important differences in the value of customer data such as personal files compared to application-specific data such as IDs, passwords and the like are often overlooked.
When data loss happens, usually the number of records lost or stolen containing information which identifies the customer is reported; information such as credit card data, bank account numbers, passwords, addresses and phone numbers. Does this prove that only customer-identifying information is usually at risk, hence we should spend most of our efforts protecting it? The obvious answer may not be the right one. Let me paraphrase an anecdote I learned in a statistics course to further illustrate that point.
A wartime aviation engineer needed to solve the problem of planes being lost to small arms fire from the ground. He examined hundreds of planes on major combat airfields and repair facilities, and mapped all bullet holes to the primary parts of planes. He discovered that almost all of the planes available for study had a large number of bullet holes on the wings—almost none were hit in the body and tail areas. You probably already know the solution the engineer devised, which was that he proposed reinforcing the body and tail areas of the planes with additional armor. His logic was simple: Planes that were hit in the wings were coming back, whereas planes that were hit in the tail or body area were not returning to base. (Robert Bartoszyński, 2008)
Applying this principal of protection to our discussion of data loss, we can infer that passwords and other identifying information are important, but not as important as the actual documents that contain information of monetary or other value. For example, if a password theft is detected, simply changing the password protects the victim. However, if a file is lost or stolen sometimes as a result of compromised password, there usually is no remedy other than cutting the loss. Additionally, where the cost of a lost password is fairly static, the cost of lost information is highly variable.
Data is king – but the emperor has no clothes these days. Much more attention and IT budget is spent protecting network perimeters, assuring high availability of applications and databases instead of protecting unstructured customer data. The data – not the service – should be important for customers. What value is restored service to anybody if they then must manually restore from backup? Presuming there is a backup, which is not always the case.
Despite questions raised following the Sidekick outage, this is where the cloud can help. Consumers do not have to worry about backups with best-in-class cloud vendors who utilize the economy of scale that clouds bring both for resources and expertise. The cloud is best positioned to correctly implement the security triangle of Confidentiality, Integrity and Availability for consumers and business alike, because it can have complete control over all aspects of the systems: the applications, the environments, the people and the processes.
biography
Mushegh Hakhinian is a security architect at IntraLinks, a company which provides on-demand solutions for businesses to collaborate, communicate and exchange critical information inside and outside the enterprise.
Talkback Most Recent of 17 Talkback(s)
-
Three words
Don't trust it.
Economister26th Oct 2009 -
Amen! Don't trust it.
The cloud is an unnecessary return to an ancient world of centralized "iron" vaults, only much worse. Giving up complete control of your own data is NEVER a good idea. If the IRS, FBI, or whomever else wants to seize your records, they won't even have to visit your offices with a warrant. They'll just send a letter to your "cloud" partner and take anything they want off their servers. You may not even find out about it until later. Your competitors could also hire hackers to target your "cloud" partner and gain full access to all of your data by breaching their servers. You would have zero control. Don't trust this direction folks. Resist the buzzword. Resist the cloud.
BillDem26th Oct 2009 -
Lost word
Looks like four words to me, the first two being signalled by an apostrophe.
Musta lost a bit of data somewhere along the way
johnfenjackson@...26th Oct 2009 -
Economister26th Oct 2009
-
I have learned that I am the only...
one I can trust with my IT period. The hardware and its configuration in my systems are of the same quality or better than what data centers run. As long as my plan for redundancy is a good plan then a third party just becomes a liability.
BTW, money I keep at home is just as safe as money at my bank. My fireproof safe bolted to my concrete slab is not going anywhere. I don't earn interest however but data I store in the cloud isn't going to provide me a return either.
I am truly as capable as any system designer, engineer or whatever you want to call them to design and implement a data center for my company, and probably more so after meeting some of these designers at various times over the years.
The cloud may be suitable for some and that is just fine. But I will take my chances with my solutions anyday over a third party cloud.
bjbrock26th Oct 2009 -
Re your safe, where do you live?
I mean the address and the hours you are there please.Economister26th Oct 2009 -
They are actually mason jars...
buried in the back yard but a safe somehow sounded better.bjbrock27th Oct 2009 -
Unless it's in two places, it doesn't exist.
First of all, cue the standard complaints about
the sidekick "not being a true cloud."
As if not being a true cloud gets anybody's data
back, and as if you have any way of knowing if
your provider is giving you a "true cloud" or not.
"As consumers, we have two options of storing our
digital data: locally or elsewhere in the cloud."
It need not be either/or, however!
It can be both!
The backup motto has always been, and should
always be: Your data doesn't exist unless it's in
two or more places.
And the cloud is one place, not two.
"Applying this principal of protection to our
discussion of data loss, we can infer that
passwords and other identifying information are
important, but not as important as the actual
documents that contain information of monetary or
other value."
There is, unfortunately, a fatal flaw in your
logic:
Passwords and identifying information are the keys
to accessing the actual documents. If they gain
the keys, they gain access to the documents.
This isn't an airplane. It's a locked box.
-1 for poor use of metaphor.
CobraA126th Oct 2009 -
Tell it to M$ and App?e
Agree that data is king. It seems to me that one of the primary functions of a good consumer system should be protecting us from our laziness in this regard.
Windows Home Server and Time Capsule are pretty feeble efforts.
It is interesting that M$ went with UAC ... but no attention to password control and limited work on backup facilities.
Of course they do not have the consumer viewpoint as their primary focus. Ironically it seems to me that signing customers up to data protection in the cloud would be simple and lucrative step for M$.
I regard HP's WHS Mediasmart as a pure monetising play. Shoulda built those hot swap disks into a standard PC.johnfenjackson@...26th Oct 2009 -
RE: Is the cloud a better place for our data?
You're missing one important model that is so perfect, I
wonder why others don't copy it more. It's embodied in an
application called FileMaker. Backup, at a server level is
built-in and backup in a peer-to-peer context is as easy as
any backup (please don't try to make it sound so hard to
do).
Using dynamic DNS services (ex. No-IP.com), you can pick
a node anywhere on the net to host then access your own
data from anywhere from either a rich desktop client or
using any browser.
Extensibility, interoperability, data ownership and control;
FileMaker is a pretty remarkable combination of doing all
of what you're talking about extremely well while
answering every concern.
No I don't work for FileMaker, but I do have a FileMaker-
based solution for the real estate industry. I developed it in
FileMaker because I believe in data portability and data
interoperability first and foremost. It's a passion really.
Any debate over whether digital is real from a value
standpoint has been long-settled. Any cloud-based system
is not good enough until it's perfect. In my own
management of my own data, I've never lost any data since
I entered the computer industry in the 1980's.
I do not believe the debate over whether purchasing an
os-based software application versus having the life-
management benefits of software available only via never-
ending subscription payments is over. For instance, an
artist would be better leveraged by having knowledge of
Photoshop rather than by using lower-capability, ultimately
higher-cost hosted tools.
Your data is your most foundational tool in operating in
the world; therefore, where it's housed becomes inimitably
important.
I remember when the internet first started: it was heralded
as the perfect system for it's decentralization. Mmm. Now
everyone wants you to believe you have to store your stuff
on *their* hard drives and pay them forever for it as a
service. Pssst. Listen to the guy who's tellin' you a way to
get it done *without* another monthly payment.
Matthew Hardy26th Oct 2009 -
ah yes . . .
"I remember when the internet first started: it
was heralded as the perfect system for it's
decentralization."
ah yes - those were the days . . .
Everybody would be peers, all computers would
be equals . . .
Now we're going back to centralization again.
Your computer is unimportant, their networks
are more important.
Basically a mainframe model, on a larger scale.
The more stuff changes, the more it remains the
same.
FileMaker is interesting - but way too
expensive for personal use.
Software that costs as much as a netbook? Is
that a joke?CobraA126th Oct 2009 -
FileMaker
> FileMaker is interesting - but way too expensive for personal use.
Software that costs as much as a netbook? Is that a joke?
No, it is not a joke. FileMaker is less expensive than any subscription-
model solution. Duh. Costs can never be considered alone; the
question is: what do you use the tool for? If it's to make more that
minimum wage, then investing in good software tools means
amortized costs recede to near-nothing as income derived from using
the tool increases.Matthew Hardy27th Oct 2009 -
yeah right
so that everyone can see it, CIA, FSB, NSA, FEMA, MOSSAD...just give up everything personal
is new world order behind this kind of texts?
ljenux-2304376600766755823441610560426527th Oct 2009 -
RE: Is the cloud a better place for our data?
The bank analogy is absolutely absurd given the recent disaster in the banking sector, the collapse of some institutions and government guarantees not covering losses over a certain amount.
All you have demonstrated using this analogy is your complete ignorance of the issues that *could* occur using cloud based storage. Yes its a great idea and it works to a degree but there are still plenty of downsides.
garykind@...27th Oct 2009 -
RE: Is the cloud a better place for our data?
http://www.backupspace.com is a new online backup service that I found to be very easy to use and efficient! highly recommended!
jpr267530th Oct 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
