That is the question!
The term “cloud” has been used for several years now to give substance to the mystery of where and how data is stored on servers connected to the Internet. A lot of business people are uncertain about trusting the cloud to store anything, and those doubts were reinforced recently when a notable hack of Apple’s iCloud service was uncovered. It was an intrusion into the accounts of hundreds of celebrities whose personal – and sometimes naughty – pictures were stolen and posted to numerous public websites.
Initially believed to a vulnerability in the iCloud service that was exploited by hackers, Apple’s own security team quashed that speculation pretty quickly and instead focused on the fact that the accounts in question were subjected to repeated attempts to compromise passwords and gain access, a plain-Jane brute force attack, the kind that occur a million times a day on the Internet. The difference here was that the hackers seemed to have been more sophisticated in targeting a community of celebrities that probably had similar habits so it was easier to crack their security.
Regardless, the breach of thousands of private pictures and videos has done little to reassure skeptics of cloud services, but that really shouldn’t be the case. The way that this information was stolen is no different than any other form of theft; you find a weakness in the security – in this case, the kind of passwords being used by the victims – and you exploit it.
You need to understand that there are different forms of cloud services, and they generally fall into three categories: public cloud, private cloud and hybrid cloud.
The public cloud is the one with which most of us are familiar. These are companies, like Apple, Google, Salesforce and Microsoft, who host services on their servers that they make available to the public, sometime for free and sometime at a cost. You essentially subscribe to their services.
The private cloud is different. In this case, a business decides that it wants to host one or more of its servers in the cloud to save on cost and minimize risk because the hosting company takes the bulk of the responsibility in maintaining the environment, including the hardware and datacenter. In a nutshell, private cloud is generally a cheaper alternative to building and maintaining your own datacenter.
A hybrid solution is the one that most people embrace because it combines the best of both worlds. A business puts those services that make sense into the cloud, like email, while keeping more business critical applications, like an accounting system, on a server in the building.
In all cases, security should not be high on the list of concerns when considering moving to cloud services, especially if you are looking to using one of the big boys, like Microsoft or Google. In almost all cases, the security concerns should be the same as they are with any normal network: make sure you have good policies in place, good security practices that are enforced, and train your users to be smart with their passwords and other access credentials.
The cloud is the future so you better figure out your cloud strategy sooner rather than later. Let us know if we can help.
