Security: are you comfortable sharing your information with ‘the cloud’?
By Ben Robinson on Monday, November 10th, 2008 at 3:49 PM PST In Security, Services, The Digital Life
There is a growing trend, which you might have noticed (would be hard not to!), for companies to offer ‘cloud computing’ services – Google (NSDQ: GOOG) have been there for a while, Apple (NSDQ: AAPL) recently relaunched theirs, and Microsoft (NSDQ: MSFT) have now put their play out there too. And that is just the big three, as opposed to the hundreds and thousands of niche services that exist too….
… but for me there is still one uneasy question – is the security of these services good enough? I am not so much talking about your upload of info to them initially, since most services are aware that they need to provide some kind of secure mechanism to get the info/content in to their ‘cloud’ – but rather the ongoing security of that data once it’s there.
Ultimately most of these cloud computing offerings run on a ‘web services’ infrastructure – that is, they use standard web-serving hardware and software, with perhaps a bespoke application written on top. That means, simply, that they are no more resilient to being hacked than a starndard web server – at least, not on the face of things.
The difference between a web server containing a website, and a webserver containing cloud-based personal info however, is huge – the personal info may have at the minimum a sentimental/specific value to you, where as a starndard website may just contain generic info, available to all.
Again, breaches of cloud-based services are not uncommon – in an analogous situation in the UK recently, the online government gateway for a number of services was opened up to being breached, after pretty much all the information needed to split it open was lost on a USB key, carried by someone working on the project!
In that particular instance, we are lead to believe that no damage occurred, although it could so easily have been a different matter – and with amongst the most sensitive data on people being potentially exposed.
But what about those services that you personally decide to upload information to? What happens when it is your choice to put your personal data (be it contacts, calendar, emails, documents, or other) on an online service? Yes, the convenience is there, but does a company’s promise that they are “100%” secure sit well with you?
I’m interested to know, with the advent of these services, what IntoMobile readers think – have you invested in such a service (paid-for or not), have you had issues, do you consider these services to be insecure – pop us your thoughts in a comment window, we’d love to hear from you!
Although I’m STILL waiting for that activation SMS to try Nokia’s Ovi Sync here in Canada, if truth be told I’d be much more comfortable PAYING a dollar or two each month to have my PIM data online somewhere — something like mail2web.com’s Exchange Server (if it could be used with Macs) or the paid version of Memotoo.com (if it properly supported time zones and wasn’t so damn fugly).
Call me a conspiracist, but I maintain that Google is but one subpoena away from handing EVERYTHING over to Homeland Security…