In the space of a few years the cloud has gone from a concept talked about in esoteric circles to a product to which everyone has access. Mark Fletcher looks at what is on offer and discusses the merits of local versus remote storage and what sort of security you need to consider.
When this article was being written in Microsoft Word, it not only lived on my hard drive, but also on a OneDrive server, which could have been anywhere on the globe as far as I knew. The peace of mind this gave me was immense; I knew that if my computer blew up, I could still get access to my work in progress.
Now I am a natural pessimist, so the whole idea of someone else helping me to not really foul things up comes as a great relief, but I know that this is not a mind-set shared by everyone. My choice of OneDrive was initially driven by its easy integration with the latest version of MS Office and, if I am honest, the price plan Microsoft offered for additional storage. Google and DropBox (and many others) now offer fairly similar pricing structures, so the choice is out there.
Cloud storage is a no brainer. It is much like having access to a network drive, but one that is nowhere near you geographically. The main issue people have is the fact that they are entrusting their data with someone else and, like any issue revolving around personal information, can they trust that other person?
The Cloud has not had an easy ride on the privacy front. The recent leak of highly personal photographs belonging to many Hollywood celebrities bought security into very sharp focus a few months back. But it turns out that it was primarily an issue with user passwords rather than the security of the depository. Much like phone hacking and router passwords, if you don’t change the default password you could very easily be in a whole heap of trouble.
So, is the cloud secure? In a word, yes… but with the caveat that your account is only as strong as your password.
Most cloud solutions will offer a raft of security measures, including 2-step authentication via an app, phone and/or email verification and, down at the simplest level, a traffic light system to tell you how secure your password is. Encryption is, of course another barrier, with many sites offering encryption services. Mega.co.nz goes one step further by offering encryption by client devices, i.e. they don’t hold the encryption key, you do.
With all of these considerations taken into account, most of the major players will offer you a perfectly acceptable solution, with many of them offering ties-ins to office products and existing or additional enterprise infrastructure.
Going back to the earlier thought about hosting your data on a remote server and trusting it to someone you have never met, there is another course of action and that is to host the cloud storage yourself. In many instances some organisations will already have significant data-capacity capabilities, especially if they have multiple users. Simple server/client relationships work well in this instance, when you are on the same network that is, but many of the cloud solutions offer an equally attractive remote interface if you are working from home or another office, and it is these aesthetics, coupled with ease of use that make them attractive.
Once company that delivers the best of both worlds is Varonis and its Datanywhere solution. Datanywhere gives users full file syncing capabilities and mobile access, but with their data stored in a private cloud. The University of Liverpool in the UK has recently deployed a Datanywhere solutions and I spoke to Andrew Williams, Systems Manager at the University of Liverpool to understand his thoughts behind the adoption of this approach.
“We already had significant storage in place, with both staff and students having a very generous capacity. We also had the capability to give them remote access, but it was never particularly user friendly, being cumbersome and prone to simple syntax errors. Then Dropbox came along and gave staff and students alike the ability to share data with external parties. We saw lots of installs and offered staff and students the local admin rights to install the software, along with others from Microsoft and Box.net, for example.”
After a while, the university realised that this multi-platform approach, although effective, created many disparate data sources and a more suitable option was sought. “In 2012 there wasn’t really an enterprise offering that fitted the bill,” Williams explains, “but we did keep looking. Then, all of a sudden Varonis appeared on our radar and we realised that it was a good fit for us.
“As well as addressing the issues of the current approach – operating across isolated pools using multiple storage solutions – we realised that Datanywhere also kept the data in-house and it would not be lost if someone left. When people leave the university, it is virtually impossible to retain or even revoke access to data stored in uncontrolled repositories.” he explains.
At this point Williams is keen to point out that the data does remain completely private and remains the property of the individual, but in certain mitigating circumstances the University could gain access. “In a university this is not really a primary selling point,” he elaborates, “but out in industry it is important for companies to keep data accessible, in house and secure, especially when privacy is not so much of an issue due to the nature of the data being stored. In addition to the data being vulnerable offsite, concerns of document version control needed to be addressed.”
The university is not making the switch to Datanywhere compulsory, but what has surprised Williams and his colleagues is that despite this deployment choice, the uptake of software from both staff and students has been far in excess of expectations. “Collaboration with external parties is through a web interface,” Williams explains, “they get e-mailed a link and a code they can then upload and download files and work collaboratively. One thing we really liked is the security – it’s all audited, so we can see who sees what, when they see it and how they see it.”
Williams then goes on to mention another of the issues with an external cloud approach. “With enterprise cloud systems you have third-party issues. Microsoft is currently trying to access data stored in Ireland, which is currently against EU rules. The whole big brother concept, especially relating to data snooping is a real issue. As an individual, concerning my private data, I am not that bothered, but the university is an information business and, as such, its data can be extremely sensitive.”
There are obviously decisions to be made with regards to your data storage strategy. If you have capacity, keep it in house, if you don’t, either buy that capacity or work with someone that does have it in the cloud. There is no wrong a right answer here as both solutions have their merits and will either match or conflict with your needs and business model. The remote cloud works for me, while Datanywhere and its “local cloud” works for the University of Liverpool. We are two distinctly different entities, but we both want the same thing… and we get it.
This article was published in ‘Security Buyer‘, published by Hand Media