A December 13th posting in the Harvard Business Review Blog titled; Cloud Computing? Not So Fast — Unintended Consequences of Recent Disclosures, seemed to conclude cloud computing/cloud storage was inherently less secure than traditional local or on-premise storage of sensitive records. The blog entry tried to site a couple recent cases to prove the point. One example used was the wikileaks revelations. The implication was this massive amount of leaked information was (more easily) leaked because it was “stored in the cloud” verses somewhere else…such as an organization’s NAS or SAN.
The implication of the blog posting is inaccurate in that it assumes the top secret federal government controlled files were stored in a third parties data center with little or no security and this was why army private Bradley Manning was able to easily steal a such huge cache of files/records.
I don’t know for a fact, but my guess would be that this data was held within the federal government infrastructure and was not being stored at a third party data center. But even if the data was held at a third party facility, security of the data is key.
There are several definitions of cloud storage but the one most referenced is; cloud storage is storage accessed over a network (internal or external) via Web Services APIs. To many in the business world, cloud storage is a service which allows an organization to store electronic files/records in a third party remote location. Organizations will look at this service for a couple of reasons; first it may be less expensive then purchasing and maintaining their own local storage resources. The second reason is for increased security; sensitive data can be better protected from employee leaks etc.
The miss-used wikileaks example aside, it may be the author doesn’t fully understand the technology involved in on-premise storage verses cloud storage. In my experience, most organizations don’t protect the data their employees store locally with encryption or other safeguards. Many of the cloud storage providers encrypt data being stored to a cloud repository as it arrives at the storage facility. A couple providers encrypt it before it leaves the customer’s location; and of course the encryption key is known only to the owner of the data not the storage provider.
Top tier cloud storage providers store their customer’s encrypted data in class 4/5 secure underground data centers. Many Fortune 100 companies believe this type of storage is higher quality than letting their employees store sensitive data locally…