Cloud concerns – security again

Cloud concerns – security again

It’s probably worth pointing out that if you you have no problem emailing your designs around the place without some form of protection or encryption, there’s little point in getting all worked up about Cloud security. Email isn’t remotely secure. FTP isn’t exactly watertight, either. If you’re still interested in Cloud security issues, this post includes some relevant links you might like to peruse.

First, here’s what Autodesk’s Scott Sheppard had to say about Project Photofly (now 123D Catch Beta) security last month: Project Photofly FAQ: What about the security of my data? This covers some of the same kind of stuff I’ve already discussed, but from an Autodesk point of view (albeit a pretty transparent and honest one, as you might expect from Scott). Here are some selected quotes:

In essence, we don’t want to accept liability when we don’t take money…

We intend to have a reasonably secure service, better than email, but less secure than a bank account.

We store your files on Amazon’s S3 service, and they maintain their own physical and data security policy that is considered robust.

Next, here are the 123D Terms of service, which raise many of the same alarm bells I mentioned before. Selected quotes:

We reserve the right to change all or any part of these Terms, or to change the Site, including by eliminating or discontinuing the Site (or any feature thereof) or any product, service, Content or other materials, and to charge and/or change any fees, prices, costs or charges on or for using the Site (or any feature thereof).

By uploading, posting, publishing, transmitting, displaying, distributing or otherwise making available Shared Content to us and/or any Users of or through the Site you automatically grant to us and our sub-licensees…the worldwide, perpetual, royalty-free, fully paid-up, irrevocable, non-exclusive, sublicensable (through multiple tiers) right and license to have access to, store, display, reproduce, use, disclose, transmit, view, reproduce, modify, adapt, translate, publish, broadcast, perform and display (whether publicly or otherwise), distribute, re-distribute and exploit your Shared Content (in whole or in part) for any reason and/or purpose (whether commercial or non-commercial) by any and all means in any and all media, forms, formats, platforms and technologies now known or hereafter devised, invented, developed or improved.

Please note that with respect to Non-public Content, we will not authorize your Non-public Content to be made available to others on a public section of the Site, although we cannot guarantee complete security (e.g., of cloud servers).

Moving on to another Cloud security-related issue, something that Owen Wengerd raised on Twitter was the idea that:

…once data is on the cloud, it can never be deleted.

Deelip Menezes thought this whole idea somewhat loopy:

Actually I’m implying that it is ridiculous to even start thinking along those lines. 😉

However, I see Owen’s point. Once your data is on someone else’s server, you have no control over it. You have no idea where it lives, how often it is backed up, what happens to those backups, and so on. Let’s say you place some highly sensitive design data on the Cloud. It might be commercially sensitive, or about something that represents a possible terrorist target, or just something you don’t want certain parties to know about, ever. A week later, you delete the design data. Now, is it really gone? Any responsible Cloud infrastructure vendor must regularly take multiple backups and store them securely. So you now have multiple copies of your “deleted” data floating around, who knows where? What happens to old servers when they die? Where do backup hard drives, tapes, etc. go? If backups are stored off-site, how are your files going to be permanently removed from the media?

While there may be policies, procedures and ISO standards in place, we’re dealing with humans here. If one backup copy of your data ended up in a country where a rogue employee decided to better feed his family by selling off old hard drives, your nuclear power plant plans could end up not safely deleted at all, but instead delivered into the hands of some people you’d really prefer not to have it.

This may sound like paranoid nonsense, but risk from non-deleted data is real. There was a local case where a company was illegally siphoned of funds and went bust. The company’s old internal email servers were supposedly wiped and sold off. Somebody bought them, undeleted the data and was able to pass on incriminating emails to the police. While that ended up being a good thing in terms of natural justice and it’s not even a Cloud issue, it illustrates that making sure your stuff is properly deleted can be very important. This is related to something that Ralph Grabowski mentioned on Twitter; the “right to be forgotten”. Here is a Google search that includes various links that touch on some of the struggles related to this issue.

Finally, here’s something related to the possibility of the data being accessed illegally while it’s up. You put it up there, somebody copies it, you delete it, it’s not really gone and you are none the wiser. Is that something that only tin foil hat wearers need worry about? Have a read of this article before answering that one: Cloud Services Credentials Easily Stolen Via Google Code Search. Selected quotes:

The access codes and secret keys of thousands of public cloud services users can be easily found with a simple Google code search, a team of security researchers says.

Now the team is offering one word of advice to companies that are considering storing critical information on the public cloud: Don’t.

…an attacker who knows Google and some simple facts about cloud services authentication can easily find the access codes, passwords, and secret keys needed to unlock data stored in public cloud services environments such as Amazon’s EC3.

We found literally thousands of keys stored this way, any one of which could be used to take control of computers in the cloud, shut them down, or used to launch attacks on other computers on the same service.

Here’s a PDF of the presentation, if you’re interested.

4 Comments

  1. Even if there were no other concerns at all (trust, SLA, T&C), I would imagine the security aspect will keep most smart companies from initially heading down this road. But there will always be those that for whatever reason, have no or little concern for any of these issues and will participate gladly.

  2. The scenarios you discuss in this post reminded me of the Rebellion getting the plans to the Death Star in Star Wars. Although amusing, these anecdotes are very real and should be taken seriously when dealing with critical/sensitive data. It is important for any and all organizations to have a data management plan for dealing with old/archived files. Proper disposal methods are important on many levels.

  3. Any company working on a government project would find it difficult to get buy-in for public cloud, for obvious reasons, while projects that might reveal sensitive information about the client’s activities would also be unlikely to gain approval for this type of service. Given the scale of the two sectors in the market (more than 50% ?) this limits the potential users significantly.

    If you add in the doubters who are wary of the cloud, you are left with a fairly small target audience who might potentially take up cloud subscriptions.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.