Feeds

Trust the cloud with my PRECIOUS? You gotta be joking

Violated, deleted... put your data up there and bad sh*t HAPPENS

Combat fraud and increase customer satisfaction

Being a hardcore music geek of a certain age, I own several thousand LPs, CDs, and cassettes that I accumulated over the course of several decades. But as any serious record buff knows, collections like this are not remotely scaleable. I have several closets bursting with music in assorted physical media and I know people who literally need to rent separate spaces just to store their LPs. So at a certain point, making the move to the digital realm can be too tempting to resist.

Thirty-page CD booklets and album-cover illustrations large enough to hang on a wall are nice, but in many ways relocating everything to a hard drive is nicer: Not only is the space for your library effectively infinite, but as an added bonus you can fire up any track you own without getting out of your seat. I rarely buy music in analogue form these days, and I’m perfectly happy with that. What I’m much less comfortable with, however, is the next generation of technological “advances” in archiving large libraries of data.

Storing your music collection, or anything else, in the cloud strikes me as so obviously dangerous that it’s hard to understand why anyone would consider it. The benefits: Someone else maintains the physical media. There’s no need to worry about running short of disk space. Backups are magically taken care of. The drawbacks: Where do I start? For data and code you use as part of your job, sure, there’s no reason for you to fret about the hows and wheres of physical storage; that’s what system administrators are for. But for your own files, there’s a long list of glaring risks.

Privacy? Pffft....

First off, the cloud’s owner knows about every song and book in your collection. Depending on how clean-cut you are, this may or may not be cause for concern, but “If you have nothing to hide you have nothing to worry about” is not a good reason to forfeit your privacy. You may have bought a copy of the book How to Pick Locks for educational purposes, or some of Charles Manson’s demo tapes for laughs, but you shouldn’t have to worry that someone will get the wrong idea about those purchases and report you to the authorities.

Then there are broader privacy questions. Can you be sure the cloud owner isn’t doing anything with your data? Is it conceivable that at some point in the future they might sell or rent it? Imagine how much marketing companies would be willing to pay for personal information stored in the cloud — even if it were anonymized.

The “trust us” defence, without a firewall, encryption, or storage that is physically offline as insurance, is too flimsy a guarantee when it’s your data at stake. Even assuming that the cloud owners have the very best intentions, there have been any number of cases where private information has been collected accidentally. In probably the best known of these, Google Maps cars were found to have been harvesting and storing data from unencrypted Wi-Fi networks, a fact that wasn’t discovered until a few years later. While this may plausibly have been a “mistake,” as Google claimed, no one disputes that the data was collected. But in fact there was some skepticism about whether this really was an accident, and the plot thickened when the Federal Communications Commission accused the company of obstructing an investigation into whether its actions had violated US law.

Easy wipes...

Data that you store in the cloud, not being in your physical possession, can be taken away from you in the blink of an eye. This may be the result of some bureaucratic mix-up—as was apparently the case a few months ago, when the full contents of someone’s Kindle were deleted by Amazon. But that’s of little comfort if you have to engage in an expensive legal battle or media campaign just to prove your innocence and get back the books that you’ve bought and paid for. (In the Kindle episode, during one round of correspondence with Amazon, the customer was snarkily told, “We wish you luck in locating a retailer better able to meet your needs.”) What does it mean to “own” something when it’s stored on someone else’s cloud server and can be wiped, possibly erroneously, with the flip of a switch? This is not ownership in any traditional sense of the word. In all fairness, EULAs often refer to it in other terms, but in most customers’ eyes that’s so much legal mumbo-jumbo, if they read it to begin with.

It’s quite likely that your data is safer on the hard drive of your home computer than on a cloud server. If you were a member of a terrorist group or some other miscreant, which would you choose to hack into? A cloud server is a far juicier and more attractive target than a random civilian’s 500GB "Macintosh HD". And given the much greater complexity of cloud storage, and the fact that it’s actually intended to be accessible to pretty much everyone, it’s not completely implausible that someone throwing all their resources at the problem might be able to find a tiny, exploitable hole.

Outage outrage

Finally, with the cloud you’ve got to trust someone else’s technology. You might laugh at the suggestion that your puny laptop is more sound than the world’s biggest server farms, but I know I’ve had almost no downtime on my MacBook in the past year, while both Apple and Google have experienced multiple cloud outages, affecting countless users. Imagine having your entire music and book collections suddenly vanish into thin air for two, three, six hours. This can mean anything from the minor convenience of being without your tunes for an afternoon to blowing a major presentation or webcast.

Having your music or ebook library compromised for any of the reasons given above is an inconvenience, albeit a potentially huge one. But that inconvenience is dwarfed by the risks you entail if you store your own data in the cloud. You don’t have to be paranoid to worry about having your private correspondence, tax documents, personal photos, or business plans on someone else’s computer — “someone” in this case being a monolithic company that might make any of a thousand mistakes. One of those mistakes might cause your files to be deleted, accidentally released, hacked, or snooped into, or your access to be taken away.

The glimmer of hope is that, for the most part, no one’s forcing you to go to the cloud. But it’s not outside the realm of possibility that at some point you won’t even have the choice. Already, on my iPhone, I find that using iCloud is much easier than not, making for a somewhat painful opt-out process. The next step might be to make things “simpler” still by making it yet more difficult to opt out. Considering what so many large ad-driven firms are known to be doing with cookies, “likes,” online-shopping data, demographic profiles, and “follow” information, there’s no question that the financial incentive to move people to the cloud is there.

All of this is almost enough to make me doubt the wisdom of going digital with so much of my media in the first place. It’s reassuring to know that you’d need a van, a team of strong movers, and a good couple of hours to haul away all my LPs. But if all that music were stored in the cloud, a simple invocation of the Unix rm command could make it disappear in a couple of milliseconds. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.