My grandpa used to tell me that although you should reach for the clouds you should also always keep your feet firmly on the ground else your success will not last long. He never saw a cellphone in his lifetime let alone the various high-tech gadgets which are a part of our everyday lives now but the wisdom still holds true. Bruce Schneier, CTO of Resilient Systems, echoed the sentiment in a presentation at the RSA Security conference when in a talk about the security tradeoffs made when choosing whether or not to move systems or data to the cloud.
Schneier was speaking about the security concerns of cloud computing and cloud technology. Many businesses and individuals are migrating servers, applications, and data to the cloud. Some pundits and security experts might take a firm stance on one side or the other—the cloud is either evil, or it’s the greatest thing to happen to the Internet since the Web browser. Schneier is more pragmatic. He is like the wise guru of information security—able to see both the pros and the cons, and equally adept at seeing through the smoke and mirrors of security theater. It’s not that there’s a “right” or “wrong” answer when it comes to embracing cloud technologies. It’s that there are tradeoffs and you have to know what you’re gaining or giving up in order to make an effective decision.
There are many advantages to keeping your data in the cloud. You can access it from virtually anywhere and on any device, which also enables more seamless collaboration among multiple organizations, teams and individuals scattered across the country or around the world.
That is a very convenient and practical for routine business interactions but for those who care about their data and its confidentiality, it could be a big trade off too. When your data or applications are in the cloud they are no longer under your sole and direct control. The data might be stored in a different corner of the globe subject to the laws and jurisdiction of the local authorities.
Schneier explained that he hosts his email on his own computers to keep it is safe from the prying eyes of government and other authorities. However this also means he surrenders the ability to access his email from any device, and that there are features and capabilities provided by a service like Google Mail that doesn’t have.
Should everyone take that route? Not necessarily. Schneier stressed that it depends on what your security needs are and who you’re worried about defending against. He noted that Google Mail is probably very effective at blocking your content from cybercriminals and foreign nations, but may respond to requests from US government and law enforcement authorities without even notifying you. The value of the tradeoff is a function of the risks and rewards, which are subjective based on each organizations needs.
Schneier’s point—which is true about every aspect of computer and network security—is that you have to concede or compromise certain points in order to take advantage of others. There are tradeoffs to be made whether you choose local, networked or cloud computing. Which tradeoffs make sense depends on the security and privacy concerns of each organization or individual.
There is no single answer for this and you have to decide for yourself. Cloud computing is undoubtedly a great choice due to the advantages it offers like flexibility, mobility and global control but it is not suited for extremely confidential data or situations where you cannot risk your digital property being left at the mercy of some remote server located in an unknown nook and corner of the world.