The dangers of Cloud computing and online business applications
Right now there is a very clear shift towards Cloud Computing but are we all buying into the concept without considering the implications for our businesses? Wikipedia describes Cloud Computing very simply as, “a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the “cloud” that supports them.” It goes on to explain that it can also be described as, “technologies that rely on the Internet to satisfy the computing needs of users. Cloud computing services often provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers.”
The key points to pick up from the above description is that ‘business applications‘ are provided online and that the ‘software and data‘ are stored remotely. With security of data uppermost in the minds of many an IT professional its worth pointing out that there has been a rise in the number of companies using online file transfer applications to send mission critical information to trading partners. Whilst many of these systems encrypt the data in transit using a variety of options which invariably result in SSL or 3DES usage many don’t consider the implications of this data then residing on remote servers waiting for the secure collection by the intended recipient.
An interesting, yet worrying article by Eric M. Fiterman about called Cloud Danger: Drag and Drop Theft highlights the inadequacies in the audit tools for the virtual cloud space. He points out that anyone with access to the servers providing your business with a service could very easily walk away with confidential information;
“If your service provider has physical access to your environment, any person with access to the virtual servers can perform activity on your server. Think that some malicious activity involving your virtual memory would be logged or monitored? It’s not likely; audit tools for much of the virtual-cloud space appear to be non-existent. This means I could easily perform some malicious activity on your server – such as copying a file containing personally identifiable information off your server – then rollback the state of the server to hide my activity. You’ll never even know it was taken.”
When chosing a file transfer solution its imperitive that you know not only that your data is going to be secure whilst traversing the Internet, but also secure on the servers which host the data. Whilst its almost impossible to guarantee the security of your data at any time doesn’t it make more sense to have an in-house securely managed file transfer solution?