Over the last few weeks, I have been setting out examples of bulletproof backup plans and the best way to approach the selections and options that lead to one. I write these articles with the understanding that, in a perfect world, if you follow every step, cross every "T," and dot every "I," the backup and recovery for your system will operate as expected. That was before I read the Ponemon Institute's findings in the 2013 Security of Cloud Computing Users study, which is a survey of 748 IT and IT security practitioners. This study focuses on the security of Cloud computing users, and the findings are disturbing.
If you thought having the government spying on your data through programs like PRISM was bad, imagine how the lack of adequate security protocols on your Cloud data will feel.
What is Cloud storage?
First off, what you are really buying is the idea that your data or your applications are stored and operated offsite from your location with the understanding that, as the consumer, you will have access to the service purchased. The dream of the Cloud is sold to consumers as a more inexpensive and secure form of computing than the standard, run-of-the-mill computer at home or work.
While the service may be less expensive than the cash outlay for purchasing the hardware yourself, the idea that the service is also secure is a fallacy. In most cases, the data or applications that are stored in a Cloud environment are no more secure than the encryption or security you use on a home system, if you even considered securing the data sent to the Cloud in the first place.
Security Concerns for SaaS
Here are the shocking results of the survey that pertain to Cloud security. With regard to who is ultimately responsible for securing Cloud computing providers, 79% of the IT professionals surveyed stated that the end user is responsible. Yes, that's right. You buy the service from them and the company expects you to do the work of protecting it too. Those 79% of IT professionals see the Cloud as nothing more than a rental of remote disk space. The responses get better, as 31% of IT professionals say that end users are responsible for securing SaaS applications. In case you are unaware, SaaS is "Software as a Service," or the remote hosting of applications in the Cloud so that a company can save on the cost of licensing and security.
So in this case, you pay for a SaaS application that is hosted in the Cloud, administered by another company, on servers that could be halfway around the world, in a data center you know nothing about, but 31% of the professionals who run SaaS services believe the end user is responsible for security. That makes absolutely no sense. Keep that 31% in your mind for this next survey response. Only 29% of IT professionals surveyed are confident that their organization can authenticate users. That's right, the companies that want you to secure your own services on their servers are not even confident that they can authenticate their own users. Does this make sense?
The Onus is on You
The most important thought to take away from this revelation of incompetence is that your files and services are only as secure as you make them. As a consumer of services, you must use your own encryption, you must have multiple on-site and off-site backups, and you must have a plan in place to recover your data when a failure occurs, which includes having a company in line to restore data from damaged drives. Your bulletproof backup plan is only as strong as its weakest part, and as of right now that weak spot is located in the Cloud.