It’s probably worth pointing out that if you you have no problem emailing your designs around the place without some form of protection or encryption, there’s little point in getting all worked up about Cloud security. Email isn’t remotely secure. FTP isn’t exactly watertight, either. If you’re still interested in Cloud security issues, this post includes some relevant links you might like to peruse.
First, here’s what Autodesk’s Scott Sheppard had to say about Project Photofly (now 123D Catch Beta) security last month: Project Photofly FAQ: What about the security of my data? This covers some of the same kind of stuff I’ve already discussed, but from an Autodesk point of view (albeit a pretty transparent and honest one, as you might expect from Scott). Here are some selected quotes:
In essence, we don’t want to accept liability when we don’t take money…
We intend to have a reasonably secure service, better than email, but less secure than a bank account.
We store your files on Amazon’s S3 service, and they maintain their own physical and data security policy that is considered robust.
We reserve the right to change all or any part of these Terms, or to change the Site, including by eliminating or discontinuing the Site (or any feature thereof) or any product, service, Content or other materials, and to charge and/or change any fees, prices, costs or charges on or for using the Site (or any feature thereof).
By uploading, posting, publishing, transmitting, displaying, distributing or otherwise making available Shared Content to us and/or any Users of or through the Site you automatically grant to us and our sub-licensees…the worldwide, perpetual, royalty-free, fully paid-up, irrevocable, non-exclusive, sublicensable (through multiple tiers) right and license to have access to, store, display, reproduce, use, disclose, transmit, view, reproduce, modify, adapt, translate, publish, broadcast, perform and display (whether publicly or otherwise), distribute, re-distribute and exploit your Shared Content (in whole or in part) for any reason and/or purpose (whether commercial or non-commercial) by any and all means in any and all media, forms, formats, platforms and technologies now known or hereafter devised, invented, developed or improved.
Please note that with respect to Non-public Content, we will not authorize your Non-public Content to be made available to others on a public section of the Site, although we cannot guarantee complete security (e.g., of cloud servers).
Moving on to another Cloud security-related issue, something that Owen Wengerd raised on Twitter was the idea that:
…once data is on the cloud, it can never be deleted.
Deelip Menezes thought this whole idea somewhat loopy:
Actually I’m implying that it is ridiculous to even start thinking along those lines.
However, I see Owen’s point. Once your data is on someone else’s server, you have no control over it. You have no idea where it lives, how often it is backed up, what happens to those backups, and so on. Let’s say you place some highly sensitive design data on the Cloud. It might be commercially sensitive, or about something that represents a possible terrorist target, or just something you don’t want certain parties to know about, ever. A week later, you delete the design data. Now, is it really gone? Any responsible Cloud infrastructure vendor must regularly take multiple backups and store them securely. So you now have multiple copies of your “deleted” data floating around, who knows where? What happens to old servers when they die? Where do backup hard drives, tapes, etc. go? If backups are stored off-site, how are your files going to be permanently removed from the media?
While there may be policies, procedures and ISO standards in place, we’re dealing with humans here. If one backup copy of your data ended up in a country where a rogue employee decided to better feed his family by selling off old hard drives, your nuclear power plant plans could end up not safely deleted at all, but instead delivered into the hands of some people you’d really prefer not to have it.
This may sound like paranoid nonsense, but risk from non-deleted data is real. There was a local case where a company was illegally siphoned of funds and went bust. The company’s old internal email servers were supposedly wiped and sold off. Somebody bought them, undeleted the data and was able to pass on incriminating emails to the police. While that ended up being a good thing in terms of natural justice and it’s not even a Cloud issue, it illustrates that making sure your stuff is properly deleted can be very important. This is related to something that Ralph Grabowski mentioned on Twitter; the “right to be forgotten”. Here is a Google search that includes various links that touch on some of the struggles related to this issue.
Finally, here’s something related to the possibility of the data being accessed illegally while it’s up. You put it up there, somebody copies it, you delete it, it’s not really gone and you are none the wiser. Is that something that only tin foil hat wearers need worry about? Have a read of this article before answering that one: Cloud Services Credentials Easily Stolen Via Google Code Search. Selected quotes:
The access codes and secret keys of thousands of public cloud services users can be easily found with a simple Google code search, a team of security researchers says.
Now the team is offering one word of advice to companies that are considering storing critical information on the public cloud: Don’t.
…an attacker who knows Google and some simple facts about cloud services authentication can easily find the access codes, passwords, and secret keys needed to unlock data stored in public cloud services environments such as Amazon’s EC3.
We found literally thousands of keys stored this way, any one of which could be used to take control of computers in the cloud, shut them down, or used to launch attacks on other computers on the same service.
Here’s a PDF of the presentation, if you’re interested.