Part 3 – Cloud Storage
Would you put your data in a bus station locker and hand out keys to those you want to share it with? Maybe.
What purpose would this serve? What if you have data that you want other people at other organizations to be able to access? What if you need access to your data when you are traveling? Maybe you have friends or family members that you will share files with. OK, so a bus station locker is stretching a bit for a comparison to internet availability but it is not such a stretch from a security perspective. Let’s take a look at “the Cloud” as a bus station locker.
So you put your data in the locker and close the door, then you give out locker keys to all the folks you want to be able to open the door and look at your data. It’s easy for them to put in their key and take a look. The problem starts here, because every person that opens the door sees ALL THE DATA. You may only want to share certain things with certain people, but you only have one locker door.
OK, so some services do let you grant different users different permissions. So let’s say you have a locker with multiple compartments, and only certain keys open certain compartments. Now you are able to limit who sees what. All is fine then, right? WRONG! While they are in different compartments, they are all in the same locker. Let’s suppose some curious outsider decides they want to see what you are sharing with someone else, so they pry away at the compartment walls and manage to break through. Now they see some data that was not meant for them.
In the realm of cloud storage, this “prying” at the compartment walls could take the form of password guessing or of exploiting a vulnerability in the service provider’s software or interface. The point is, once they are in, they see it all. It’s not encrypted data, because that would defeat the whole purpose of using the cloud service for sharing files in the first place. Now what?
It only gets worse from there. Keep in mind that your data is effectively being stored in a PUBLICLY ACCESSIBLE bus station locker. This means that any passerby can pry away on all the compartments until they pop one open to see your data. Then they can steal, corrupt or delete your data as they see fit. This is actually a very good analogy to cloud storage security with one exception in favor of the bus station locker. At least in the bus station there is a security camera and regular police patrols so it is not likely that the bad guys will be free to pry on the doors 24×7. This is not true on the internet. Once you put your data in a public facing cloud storage service it is available to be pried on 24×7 until someone eventually finds a way in!
So earlier in this article I asked the question “Would you put your data in a bus station locker and hand out keys to those you want to share it with?”
To which I answered “Maybe.”
Maybe you think that would be nuts now! Actually, using cloud storage can be very useful. I would just caution you not to put anything in there that you would not want to be made public. No critical business information, no personal or financial information and NO NUDE PICTURES!
Click here for the summary of the Security and “the Cloud” series.