Why you shouldn’t trust cloud service providers

It’s time to review cloud services

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Simply stated, you can’t trust the employees of cloud service providers. Frankly, I don’t think we can really trust our own employees anymore either, but at least our capability to monitor them is far greater. Early on we had warnings of the problem of just anyone having access to secure data when Google Engineers got caught stalking Google customers through their access. Their getting caught and our finding out about it was pretty remote. I’ve seen, over the years, crimes ranging from theft to sabotage that result in the employee’s termination when caught, but never result in any external report.

We currently exist in a world where nation states like China and Russia are aggressively probing data repositories and these cyber spy organizations aren’t particularly secure either, suggesting where the states go criminals will follow. The easiest way in remains getting access to an employee’s credentials or getting the employee to pull the information like Snowden did.  

[ Related: There Are No Secrets: Edward Snowden's Big Revelations ]

Given the massive value put on this information and the tools a state could use to either phish or coerce an employee to provide access to it, I believe it’s time to seriously start thinking about reviewing cloud services and ranking them based on whether they can protect your data from themselves.  

Protecting data from governments

One of the clear areas being attacked are communications servers. This is particularly visible at the moment with the disclosure that Hilary Clinton, the Democratic candidate for U.S. President, used a private email server, and that this server was likely compromised because it wasn’t adequately protected. Given the Snowden disclosures it is as yet not clear whether this information would have been effectively more secure inside the government. (It strikes me with some irony that given the government leaks, it is possible her email server could have been made more secure than the government solution, but that clearly wasn’t done).

[ Related: Government cloud adoption efforts lag as security concerns persist ]

To continue reading this article register now

Enterprise mobility 2018: UEM is the next step
  
Shop Tech Products at Amazon