> In the case of the big public clouds, the protection is the work of some of the world’s best computer scientists, hired out of places like the National Security Agency and Stanford University to think hard about security, data encryption and the latest online fraud.
> And they’re pretty good at keeping things safe online.
Cloud providers have employees that make mistakes and bad assumptions just like everybody else. They leverage technology that wasn't created in-house and wasn't originally built for such a large-scale use case. They build their own technology that is flawed at the very least because there is no perfect software.
You should never assume that a cloud provider is better at managing anything than you could do in house. You should verify, and understand that the more popular a product is, the more desirable a target it is.
Whether you are doing things in house, in the cloud, or some sort of hybrid, plan for security failures and never assume that your environments or your datasets are secure.
For the purposes of security, this makes a huge difference. It's also one of the biggest flaws with the author's argument. With a service like Dropbox, Google Drive, or Office 365, your files are likely stored both locally and on their servers. This undoubtedly makes your files less secure... now potential attackers have two attack vectors when they would previously only have one.
Sure, you _can_ be more secure by using these services, but you aren't more secure simply by using them.
A root-level compromise on your system can see any of this stuff in plaintext as it gets shifted around.
Sure, but that was true without cloud storage, too. Worse: Without cloud storage, a root level compromise lets the attacker destroy your only copy.
However, this does not refute the argument that, with the cloud, the attacker can get at your data two places, instead of just one, thereby increasing the attack surface. (In fact, the attacker can get at it three places: in transit.)
Obligatory XKCD:
https://www.xkcd.com/908/
I do not trust anyone to house any data of mine that I consider too important or sensitive to put at risk - unless there is end to end encryption so that no one except me can access it at any time. That's about the only exception. If I am not sending the data over already encrypted, forget it. I try to do as much in house as possible.
Also, let's not forget the risk of unintended affiliations - there have been several times when law enforcement has seized drives/servers that were shared and the non-offending users that were simply sharing the resource ended up having their sites unintentionally taken offline. That may not really apply to cloud storage, but it definitely applies to shared hosting services, which are abundant and widely used. Could totally screw over a small business.
First, all your data at rest, on disk, is encrypted. You can even supply your own keys if you wish: https://cloud.google.com/compute/docs/disks/customer-supplie...
If you are using Google Managed keys, the keys are stored in a special key storage service. To access your files, a staffer would have to read the keys, then go and read the data and decrypt it. Both of these steps are extremely logged, and require Googlers to take particular, and specific steps that are audited and easy to spot (and we audit this all the time, proactively). And not every Engineer (and no non-engineers) has the access to even get to that.
Accessing user data, in any form, is a very fire-able offense, and people have been terminated over it.
Our internal controls are very robust. We spent a lot of resources on encryption and ensuring it's available at many different levels. This is one area where I feel Google Cloud is better than bare hardware: the on-disk encryption is default and cannot be turned off.
> ... that is very extremely patently false.
> Accessing user data, in any form, is a very fire-able offense, and people have been terminated over it.
What were they terminated for, if it is three-adjective false?
Right now it is hard to know whether or not what you said applies equally to other cloud providers. Also, (no discredit to you) you are a random person on the internet so your claim is far from 100% validated.
edit: spelling
As for transparency, there is a big push to increase the trust in Google Cloud. We're a big company, and it's hard to get that personal connection to build the trust. I think our blog is trying to get this info out, here is a good recent one: https://cloudplatform.googleblog.com/2017/01/how-we-secure-o...
My opinion is that Google is a very honest company. These whitepapers are our attempt to accurately describe what steps we are taking, in good faith, to ensure Google Cloud is the best, and most secure place, to do your computing on.
As a personal anecdote, I once worked for Google (and quit, and came back) about 8 years ago. The difference in how secretive we are is night and day. I can say the word 'borg' in public, and even tell you what it is. And this is accelerating under Cloud, because we know that big enterprises aren't going to use us without a lot of details and assurances.
Unauthorized "looking at data" is a good way to get escorted from the building before the end of the day.
In 2010, there had been two cases, https://techcrunch.com/2010/09/14/google-engineer-fired-secu...
I would say that I have more trust of public cloud storage here because their business' livelihood depends on you paying money for storage, something you might not do if they are snooping through your data.
That said, none of their applications are fully open source, so who knows if they can be trusted.
Wasn't Apple's iCloud hacked last year? Or was that the work of social engineering?
Edit: http://www.businessinsider.com/how-hackers-get-into-your-app...
Those that want to throw their hands up and give up on managing their network, data, and security by pushing it out to someone else to manage, thinking "it's cheaper and I can fire most of my IT staff", well, that is their choice.
I wouldn't surrender my security to google or amazon at any cost, let alone the plundering of your data as they mine the hell out of it for whatever they can get.
I've never been a fan of this thinking and I never will be. I am a dinosaur.
With cloud computing, operators frequently have access to all your data. Sometimes it is part of their business model to use it (e.g. Gmail). As long as you are aware of that, no problem. They typically won't use your data for things more harmful than targeted advertising (although you should check that the ToS do not give them ownership of your data...), except if you're, say, a paedophile, in which case they might tell authorities (http://www.telegraph.co.uk/technology/news/11012008/Paedophi...).
In other words, your data is typically well protected as long as the cloud provider and entities which could require access to its data (e.g. law enforcement agencies from its home country or the countries where its servers are) are not part of your threat model.
I've worked for these companies, and I have no doubt that the cloud is much more secure.