Two Kinds of Data Security

Have you heard about cloud computing? (I ask somewhat ironically, as I am composing the first draft of this post on Google Documents.) It’s one of the latest buzz words in computing. Think of those cute little netbook portable computers you’re seeing: they don’t have a very large hard drive (by today’s standards) because they rely on access to the Internet for their most advanced applications. Carry your computer everywhere and access everything you need via wi-fi.

In theory it’s not a bad idea. Indeed, it works for many people–somewhere between a smartphone and a laptop in size, portable, able to access your e-mail, social networks, and almost any other Internet application from anywhere. And when you want a larger screen or a full-size keyboard, access the same sites from a desktop or laptop computer. Everything exists in the “cloud” of servers and services that make up the Internet.

Having any qualms yet? I did. Sure, e-mail requires the Internet–it can’t exist on a stand-alone computer. And I have no problem with drafts for my blog or class paper living on Google Docs. But don’t tell me to put my financial records online.

“It’s secure!” the cloud’s supporters say. True, but there are two kinds of data security. Cloud computing is very secure in one sense, not as secure in the other sense. So if you’re thinking about how you might make use of the cloud for either business or personal computing, you need to understand what the two kinds of security are.

Security Against Data Loss
The kind of security that cloud computing does very well is security against data loss. No matter how well you back up your own data files (and you definitely ought to), it’s nothing compared to how Google or Microsoft Office Live or some other cloud providers back up their servers. They have multiple servers in different locations and back them up via dedicated communication lines almost instantaneously. Google, for example, has at least a dozen data centers in the US and around the world.

Indeed, when my laptop computer was stolen a while ago I had been working on the first rough ideas for this blog. A couple of documents were created in Google Documents and they were waiting patiently for me when I got a new laptop. Another draft I’d created offline only a couple of hours before my laptop was taken was gone–I had to recreate it from scratch. The cloud is terrific for preserving data against hard drive crashes, lost or damaged external drives, and theft of hardware. It’s also very convenient if you often work from different computers; as long as you have Internet access you can get to your files.

Security Against Unauthorized Access
What the cloud does less well is protect against unauthorized people gaining access to your data. Yes, I have reasonable faith that the servers are secure. But it’s entirely too possible that someone who knew my username could hack into my account and steal my private information. Worse, stealing data isn’t like stealing hardware; it could be a long time before I‘m aware that someone has been sneaking a peek at my private data.

So information that you wouldn’t want others to see isn’t a good candidate for the cloud. That includes things like your financial and medical records, confidential client information, and your manifesto for world domination. Keep that under your own control on your hard drive or, better yet, on an external drive that stays secure in a desk drawer or file cabinet except when you actually use it. Back it up regularly and keep the backup in a safe place.

What it Means
If you’re thinking of computing in the cloud, go ahead. It has advantages. But first give some thought to what data you are willing to trust to the cloud and what you want to keep closer to home (or office). It’s quite likely that some of your data files are ideal candidates for the cloud and others are not.

Here are some things to consider:

  • Are you more concerned about data loss or unauthorized access? You now understand the distinction.
  • Is this information you will want to access from multiple locations or computers? Will you share files with others or work collaboratively?
  • If you do create and store data in the cloud, will you be able to download it to a local drive later if you want or need to?
  • How reliable is the company providing service? Have they been around a while? Is access reliable?
  • If there is a subscription required, will you be able to download or relocate your data if for some reason you decide not to renew the subscription?
  • Last on the list, but very important, is this business data covered by any privacy, security or confidentiality regulation, such as HIPPA? If so, cloud computing may not fulfill the regulatory requirements.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s