Hacker News
‘Where Does Cloud Storage Really Reside? And Is It Secure?’ (nytimes.com)
27 points by dnetesn 1 hour ago | 39 comments

This feels like a puff piece.

> In the case of the big public clouds, the protection is the work of some of the world’s best computer scientists, hired out of places like the National Security Agency and Stanford University to think hard about security, data encryption and the latest online fraud.

> And they’re pretty good at keeping things safe online.

Cloud providers have employees that make mistakes and bad assumptions just like everybody else. They leverage technology that wasn't created in-house and wasn't originally built for such a large-scale use case. They build their own technology that is flawed at the very least because there is no perfect software.

You should never assume that a cloud provider is better at managing anything than you could do in house. You should verify, and understand that the more popular a product is, the more desirable a target it is.

Whether you are doing things in house, in the cloud, or some sort of hybrid, plan for security failures and never assume that your environments or your datasets are secure.

> For the people running the computers, it doesn’t really matter where the data or the programs are at any one moment: The stuff is running inside a “cloud” of computing capability.

For the purposes of security, this makes a huge difference. It's also one of the biggest flaws with the author's argument. With a service like Dropbox, Google Drive, or Office 365, your files are likely stored both locally and on their servers. This undoubtedly makes your files less secure... now potential attackers have two attack vectors when they would previously only have one.

You don't need to sync Drive to your own storage. I don't. Do Dropbox and Office require that?

It isn't a requirement, but they all provide apps that allow you to sync, and when you download any file, you're downloading a local copy of them. The people who know how to properly secure files aren't the same people reading and deriving value from this article.

Sure, you _can_ be more secure by using these services, but you aren't more secure simply by using them.

I know Dropbox at least has a selective sync option, you can choose which folders are to be synced with the local machine. The gotcha being that when you uncheck a folder it deletes that folder from the local file system.

Those documents exist in some form, either partial or whole, in your local system memory, video memory, and probably a filesystem cache of some sort. They also traverse your network subsystem and other IO buffers/subsystems.

A root level compromise on your system can see any of this stuff in plaintext as it gets shifted around.

> a root level compromise on your system can see any of this stuff in plaintext as it gets shifted around.

Sure, but that was true without cloud storage, too. Worse: Without cloud storage, a root level compromise lets the attacker destroy your only copy.

However, this does not refute the argument that, with the cloud, the attacker can get at your data two places, instead of just one, thereby increasing the attack surface. (In fact, the attacker can get at it three places: in transit.)

Of course it matters where the data is at any one moment.

Obligatory XKCD: https://www.xkcd.com/908/

It "matters" but it's not your problem to solve, as a user.

Thinking that "secure" is a boolean is a fundamental misunderstanding of security.

Yes, I'm reminded of this fairly well known quote within the security world - "security is a process, not a product".

I do not trust anyone to house any data of mine that I consider too important or sensitive to put at risk - unless there is end-to-end encryption so that no one except me can access it at any time. That's about the only exception. If I am not sending the data over already encrypted, forget it. I try to do as much in house as possible.

Also, let's not forget the risk of unintended affiliations - there have been several times when law enforcement has seized drives/servers that were shared and the non-offending users that were simply sharing the resource ended up having their sites unintentionally taken offline. That may not really apply to cloud storage, but it definitely applies to shared hosting services, which are abundant and widely used. Could totally screw over a small business.

But the question, to my mind, is whether putting stuff on the cloud is going to be more or less secure than handling it yourself. Depending on what people and resources you have, it may well be more secure.

'Is it secure?' is a question from a reader, hence the quotes. The author's answer is not boolean, it is "yes, it’s probably more secure than conventionally stored data."

The thing that bothers me is employees inside these companies can look at your data... not that there might be some unknown "hacker" grabbing it. Sure I can encrypt everything myself but I sometimes forget to do it and then it's a pain to share that with anyone.

As an engineer on cloud, at Google, that is very extremely patently false.

First, all your data at rest, on disk, is encrypted. You can even supply your own keys if you wish: https://cloud.google.com/compute/docs/disks/customer-supplie...

If you are using Google Managed keys, the keys are stored in a special key storage service. To access your files, a staffer would have to read the keys, then go and read the data and decrypt it. Both of these steps are extremely logged, and require Googlers to take particular, and specific steps that are audited and easy to spot (and we audit this all the time, proactively). And not every Engineer (and no non-engineers) has the access to even get to that.

Accessing user data, in any form, is a very fire-able offense, and people have been terminated over it.

Our internal controls are very robust. We spent a lot of resources on encryption and ensuring it's available at many different levels. This is one area where I feel Google Cloud is better than bare hardware, the on-disk encryption is default and cannot be turned off.

> > The thing that bothers me is employees inside these companies can look at your data...

> ... that is very extremely patently false.

> Accessing user data, in any form, is a very fire-able offense, and people have been terminated over it.

what were they terminated for, if it is three-adjective false?

Thank you for answering this question! I wish cloud storage providers would be much more transparent about their security to allow users to decide which option provides them with the proper security.

Right now it is hard to know whether or not what you said applies equally to other cloud providers. Also, (no discredit to you) you are a random person on the internet so your claim is far from 100% validated.

edit: spelling

That's fair - random person on the internet, I get it. I have common usernames on the various services you know and love, so feel free to dig about.

As for transparency, there is a big push to increase the trust in Google Cloud. We're a big company, and it's hard to get that personal connection to build the trust. I think our blog is trying to get this info out, here is a good recent one: https://cloudplatform.googleblog.com/2017/01/how-we-secure-o...

My opinion is that Google is a very honest company. These whitepapers are our attempt to accurately describe what steps we are taking, in good faith, to ensure Google Cloud is the best, and most secure place, to do your computing on.

As a personal anecdote, I once worked for Google (and quit, and came back) about 8 years ago. The difference in how secretive we are is night and day. I can say the word 'borg' in public, and even tell you what it is. And this is accelerating under Cloud, because we know that big enterprises aren't going to use us without a lot of details and assurances.

My stint at Google led me to feel more happy about storing data there, not less. The sentiment wasn't uncommon among my coworkers.

Unauthorized "looking at data" is a good way to get escorted from the building before the end of the day.

It's not allowed or condoned, but they can.

In 2010, there had been two cases, https://techcrunch.com/2010/09/14/google-engineer-fired-secu...

Yep. This was after that, and after the reaction to that.

One thing every cloud storage company could do here is be explicit about what data is and isn't encrypted at rest (I'm assuming all data is encrypted in transit), and what data is accessible to what group/number of people.

I would say that I have more trust in public cloud storage here because their business's livelihood depends on you paying money for storage, something you might not do if they are snooping through your data.

Some companies are explicit, e.g. Backblaze, Code42/Crashplan, Mega.nz, and Tarsnap.

That said, none of their applications are fully open source, so who knows if they can be trusted.

Even if open source, we don't have a way of validating if the version running on their servers is the same or modified somehow.

This is a very good point, often overlooked.

> None of the most catastrophic hacks have been on the big public clouds.

Wasn't Apple's iCloud hacked last year? Or was that the work of social engineering?

Social engineering, IIRC.

Edit: http://www.businessinsider.com/how-hackers-get-into-your-app...

It was the same kind of hack as the "Russian election hack". Poor password practice led to routine unauthorized access of individual accounts. Guessing or stealing somebody's password is not usually a hack.

Plus iCloud is known to have heavily leveraged S3 and other services for its actual storage.

Nice layman's explanation of cloud storage. I think it would've been worthwhile to add something about how difficult security is, and how cloud storage makes it easier to keep your data secure (at a cost).

Cloud computing is another attempt in a long line to consolidate network resources. It was attempted, and failed, with X terminals, network computers, Java stations, etc.

Those that want to throw their hands up and give up on managing their network, data, and security by pushing it out to someone else to manage it thinking "it's cheaper and I can fire most of my IT staff" well that is their choice.

I wouldn't surrender my security to google or amazon at any cost, let alone the plundering of your data as they mine the hell out of it for whatever they can get.

I've never been a fan of this thinking and I never will be. I am a dinosaur.

I wouldn't downvote OP, he clearly recognizes that his own vision is an old one, and by far not the mainstream.

So what do you do for internet access? You do realize that whoever is giving it to you can plunder your data as they mine the hell out of it for whatever they can get, right?

Really? All my ZFS pools sitting encrypted and on a private network not attached to the internet in general in my home/office? They can mine that? Wow I am impressed!

There is no "cloud", there are "servers you don't control".

"You" also don't control your servers if you have them maintained by a local IT outsourcing firm (as thousands of businesses with onsite domain controllers, file, and Exchange servers did in my small Rust Belt city). Said IT firm probably has a big KeePass vault on a shared folder whose password is known to 30+ technicians, and it also probably sold the boss on setting up remote access to save on technicians driving around.

I've worked for these companies, and I have no doubt that the cloud is much more secure.

And there's no "internet", there are "cables you don't control".

It's slightly different, because as long as what goes through them is encrypted you don't really care about the pipes. Well, you should still care about the metadata, but it's not exactly the same issue.

With Cloud computing, operators frequently have access to all your data. Sometimes it is part of their business model to use it (e.g. gmail). As long as you are aware of that, no problem. They typically won't use your data for things more harmful than targeted advertising (although you should check that ToS do not give them ownership of your data...), except if you're, say, a paedophile, in which case they might tell authorities (http://www.telegraph.co.uk/technology/news/11012008/Paedophi...).

In other words, your data is typically well protected as long as the cloud provider and entities which could require access to its data (e.g. law enforcement agencies from its home country or the countries where its servers are) are not part of your threat model.

Indeed! But even further, "cables who control you"... well, "only" monitor... for now ;-).
