Cloud concerns – security

Cloud concerns – security

OK, this one’s a biggie. For many, security is the biggest Cloud turn-off. Drawings are valuable property, and the thought of putting them up on the Internet is enough to give some people nervous twitches. I see two major worries:

  1. Is my property safe from destruction?
  2. Is it safe from unauthorised access (copying, modification, theft)?

There are at least a couple of ways of looking at this:

  1. If you’re worried about data destruction, back up! You should be doing that anyway, regardless of where you store your stuff. Most people are comfortable enough with Internet banking, or at least using a credit card to make Internet purchases. The security of a major Cloud infrastructure provider is likely to be better than that of your own in-house infrastructure. It’s certainly a lot better than email, and almost everybody emails drawings about the place without even thinking about it. Plus, you can use Cloud security features to restrict access to your drawings in ways that you have no hope of doing if you’re emailing your drawings to other parties. So what are you worried about?
  2. Isn’t one of the supposed benefits of Cloud storage that backups are all taken care of for me? Putting my designs in the Cloud doesn’t remove any risk if I also need to store my own backups. However, it adds extra and unnecessary risk. Amazon (Autodesk’s Cloud infrastructure provider) irretrievably lost some of its customers’ Cloud data just a few months ago. There are many, many instances of supposedly secure sites being infiltrated by hackers. You’d have to be very unlucky to have somebody that wants your designs intercept your email, but a static site that is known to contain millions of dollars worth of drawings is a huge and tempting target. Putting your designs on the Internet isn’t like locking your diamonds in a bank vault, it’s like putting them on the dashboard of your car, parking it in the seediest part of town, then hoping nobody breaks a window. Sure, you might be lucky, but why take the risk?

Which side do you fall on? Is Cloud security a dealbreaker or no big deal?

9 Comments

  1. > Is it safe from unauthorised access (copying, modification, theft)?

    Years ago, when I thought the Inventor product might go somewhere,I made several specialty textures that somehow became part of the shipping product. Sure independent development was possible, pixel by pixel, exact duplicates, but… So, whats in place to protect my, or my client’s data from being similarly flattered – or de-clouded? JAD – Just another deal breaker. -Bill

  2. Dave Ault

    It is a deal breaker for all the numerous reasons mentioned by many for the last year or so. Reliability, costs in addition to what I allready have as the cloud will end up costing more, and that pesky little thing called security. The one my customers hold me accountable for. No, no and no.

  3. ralphg

    Pro-cloud advocates, like Autodesk, love to use the banking-on-the-Internet example, but the analogy is critically flawed. Here’s the difference that Autodesk does not talk about:

    – Bank deposits are insured against loss; in our jurisdiction, we have 100% deposit insurance among credit unions. (My son lost $400 from his acct through debit card skimming, and the bank reimbursed him fully.)
    – Credit card transactions are covered against fraud (including Internet fraud) by credit card companies. There might be a $50 deductible, but in practice it is usually waived.
    – In contrast, cloud vendors state specifically that they not guarantee data deposits.

    The government, banks, and credit card companies go out of their way to create a sense of trust in using these “ambiguous” cloud banking services. The reluctance of cloud data vendors copy this existing model is not helpful to their cause. I understand that it is easier to replace $$ than data, but that’s a problem for cloud vendors to solve. In the meantime, they can create trust by taking responsibility for their services, instead of ducking it.

  4. R. Paul Waddington

    I (personally) think Steve, “Cloud security” is understood well enough to mean secure but not perfect and, in actual terms, factually out of the control of the user. So for many potential users, the issue is to ensure they understand just what “out of their control” means to them/their business and to plan accordingly.

    Additionally, it concerns me when I hear the “it’s safer than you own” arguments because this invariable ignores the responsibility component. One may/can argue a vendor’s Cloud servers are “safer/more secure” than the backup and fire safe secured media I use. However, should my system fail, it is my responsibly; I know that, so do my customers and so do the Cloud vendors. That understanding brings us to an obvious conclusion: acting responsibly and being held responsible matters, must be taken into account, and is a part of running a business with integrity.

    My integrity, yours and all Cloud vendors’ integrity hangs on the preparedness of each to accept responsibility for their actions, services and or failures. It is patently obvious, to those with their eyes open, Cloud vendors currently DO recognize the fact they cannot offer a flawless service. This is reflected in their attempts to “pass the buck” using irresponsible terms and conditions and their un-willingness to openly discuss their security issues and, more importantly, place on the record just how far they are prepared to go in reimbursing a customers losses they, or their systems, may have caused.

    The deal breaker is not that the Cloud is insecure; for business large or small, the deal breaker is the lack of responsibly, and accountability, of the Cloud vendors.

    You Steve have covered the Cloud very fairly and I’m with you; I can see the benefits and the pit falls just as I can see the dangers of now driving to a customers. But, I will still drive knowing there are a set of rules to follow and to use as a reference when/if “something” goes wrong. I will continue to use banking services, as I do, knowing they are not infallible, because there is also a set of rules they/I must follow as part of a wider regulation of their industry.

    Software/Cloud vendors are unregulated, un-accountable and employ the weakest links in the security chain; their management and staff. For these reasons, I believe, the time has come, for those of us willing to comment and discuss the security/accountability and responsibly issues of the Cloud to focus our attention(s) squarely on the vendors, to force them into the open, to extract some serious commitment to their customers.

    A major component of a secure Cloud system is transparency and accountability.

    If Cloud vendors, their management and staff, are not prepared to be held fully accountable for their failures they have neither credibility nor integrity and as a result no reputable business (customer) should entrust their IP to Cloud vendors’ management/staff and or use their services.

  5. >how far they are prepared to go in reimbursing a customers losses they, or their systems, may have caused
    If they acknowledge a bit of the liability, any major hardware fault would easily knock even the most wealthy vendor out of existence, not to mention it would top any generated revenues. They won’t do this under a gun barrel.

    The CAD cloud will continue to be essentially a useful technical advancement financed from users’ own increased risks, on top of conventional fees. Pretty much like any other advancement.

  6. Steve, I’m with you on this. While I am a cloud enthusiast, I find it very difficult to let go of my property. Emails, images, scripts and drawings that I create are my property. I can’t get passed the aversion to letting them exist in the cloud that I have no control over. Is it secure, is Autodesk mining my property, will I be able to get it when I need it? A better solution would be for Autodesk to provide a gateway to my WebDAV server.

    I’m excited about the cloud. I’ll use the cloud for it’s features. I won’t store tons of files on there for an indefinite time period…

  7. Gents,

    I’d like to ask your opinion about the approach we developed at Inforbix for the cloud. The actually customer data (CAD files, etc.) is not transferred to the cloud. At the same time, we use cloud to effectively index and organize the access of users to the CAD files, bill of materials and other product information located in the company. More about our approach is here —

    http://www.inforbix.com/inforbix-cloud-security-explained/
    http://www.inforbix.com/technology/

    I appreciate your opinion.
    Thanks, Oleg

  8. Steve, our product is a software running from the cloud. This is how we decided to make it available for customers, for the moment. Our servers are running from our data center servers or from Amazon EC2. However, from the pure technological standpoint, our servers can run inside of your company on local servers. Please, let me know if you have more questions. Best, Oleg

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.