Cloud storage and security concerns

D

Dnoch

Well-Known Member
Joined
Jun 5, 2006
Messages
101
Reaction score
0
Hi everyone

I'm just busy doing a bit of research and was hoping to ask you all a quick question:

Do you or the organisation you work at use cloud storage solutions for business use?

Do you have security concerns about current cloud storage technology? Would you be interested in a product that added a significant layer of protection over current cloud storage options out there?

Any info you can provide will be of great help.

Thanks!
 
Dnoch said:
Hi everyone

I'm just busy doing a bit of research and was hoping to ask you all a quick question:

Do you or the organisation you work at use cloud storage solutions for business use?

Do you have security concerns about current cloud storage technology? Would you be interested in a product that added a significant layer of protection over current cloud storage options out there?

Any info you can provide will be of great help.

Thanks!
Click to expand...

Companies have a choice to go on a public cloud (which I assume you are talking about) or a private one (for security concerns). I doubt any company out there would run mission critical financial data etc outside of their network. If they do want to cloud-enable their servers and scale down the number of physical machines while keeping an eye out for growing capacity re: storage, then their best bet is private cloud since they (more than likely) already have the infrastructure.

For sharing files or keeping one's calendars up to date, meh. Not much of a security concern to most as files shared are monitored through business processes and only specific people has the ability to upload to a service that's cloud based
 
AcidRaZor said:
Companies have a choice to go on a public cloud (which I assume you are talking about) or a private one (for security concerns). I doubt any company out there would run mission critical financial data etc outside of their network. If they do want to cloud-enable their servers and scale down the number of physical machines while keeping an eye out for growing capacity re: storage, then their best bet is private cloud since they (more than likely) already have the infrastructure.

For sharing files or keeping one's calendars up to date, meh. Not much of a security concern to most as files shared are monitored through business processes and only specific people has the ability to upload to a service that's cloud based
Click to expand...
Thanks for the info. Yes, I do mean public cloud services, such as Dropbox etc. My research is aimed more at small businesses who do not have the resources to go for a private cloud.
The concept that I am currently developing would take existing public cloud systems and make them far more secure (for a small fee to the user)
 
Dnoch said:
Hi everyone

I'm just busy doing a bit of research and was hoping to ask you all a quick question:

Do you or the organisation you work at use cloud storage solutions for business use?
Click to expand...
Yes. Most of our stuff is in the cloud now.

Do you have security concerns about current cloud storage technology?
Click to expand...
Of course. The weakest point in this is the end user, and if they get virus or a trojan it can harvest their credentials (this happens with legacy computing as well).

Would you be interested in a product that added a significant layer of protection over current cloud storage options out there?
Click to expand...
The cloud systems we use are hammered 24/7 365 days a year by Chinese, Russian, etc hackers. How could you possibly make the system more secure than what googles engineers are constantly working on?

Generally your cloud is way more secure than legacy systems. Now instead of an admin with a god complex running your local server, you have teams of the worlds brightest infosec specialists working to keep your data secure in the cloud.
 
ghoti said:
Yes. Most of our stuff is in the cloud now.
Click to expand...
What cloud service do you make use of?


The cloud systems we use are hammered 24/7 365 days a year by Chinese, Russian, etc hackers. How could you possibly make the system more secure than what googles engineers are constantly working on?
Click to expand...
I don't doubt that there are many security systems in place to secure your data, but as you mentioned above, it doesn't change the fact that if someone gets hold of your username and password, all that security means nothing. Look at what happened to Mat Honan, the Wired editor. Or when dropbox usernames and passwords were made public after someone got them off a Dropbox employee's computer.

What I have in mind, to be vague, is an advanced encryption technique that, even if someone gained access to your access details, the data would be useless. Anyone can just encrypt their data, but the technique i'm developing will take it a step further than that
 
Dnoch said:
What cloud service do you make use of?
Click to expand...

Google business apps. Then we have a small private cloud which we run things like our radius server, invoicing, billing and hosting infrastructure.

I don't doubt that there are many security systems in place to secure your data,
Click to expand...
Of course there are. This is google I am talking about.


but as you mentioned above, it doesn't change the fact that if someone gets hold of your username and password, all that security means nothing. Look at what happened to Mat Honan, the Wired editor. Or when dropbox usernames and passwords were made public after someone got them off a Dropbox employee's computer.
Click to expand...

Directly quoted from the article you mention, "Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened". So basically google supplied him with the means to protect himself but he did not use it. I cant talk about cloud like iCloud or Microsofts Azure cloud as I trust neither of those companies to keep my data safe, so I dont use them.

What I have in mind, to be vague, is an advanced encryption technique that, even if someone gained access to your access details, the data would be useless. Anyone can just encrypt their data, but the technique i'm developing will take it a step further than that
Click to expand...
You would need some type blizzard type hardware authenticator or something. Useful for people who get virus`s all the time and cant manage their security.

I assume you might wanna make something like this?
 
ghoti said:
Directly quoted from the article you mention, "Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened". So basically google supplied him with the means to protect himself but he did not use it. I cant talk about cloud like iCloud or Microsofts Azure cloud as I trust neither of those companies to keep my data safe, so I dont use them.
Click to expand...
For sure, that was just an example. Dropbox have also now added 2 factor authentication since their security screwup. As I say, this would be something in excess to all that. Just in case. There would be other benefits too which I'm not going to get into right now as I'd prefer to stay on topic.

I assume you might wanna make something like this?
Click to expand...
An interesting idea, but no, not what I have in mind.

Thanks for all your input though, you've been a great help
 
ghoti said:
Google business apps. Then we have a small private cloud which we run things like our radius server, invoicing, billing and hosting infrastructure.


Of course there are. This is google I am talking about.




Directly quoted from the article you mention, "Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened". So basically google supplied him with the means to protect himself but he did not use it. I cant talk about cloud like iCloud or Microsofts Azure cloud as I trust neither of those companies to keep my data safe, so I dont use them.


You would need some type blizzard type hardware authenticator or something. Useful for people who get virus`s all the time and cant manage their security.

I assume you might wanna make something like this?
Click to expand...


I don't think the OP wants to help keep the user's credentials safe by having the user choose to opt-in or opt-out of specific things like a stupid end-user would normally ignore.

I think what he means is to develop a type of PGP encryption so that a user doesn't need to do anything, admin of said small business would install on all machines, and if they upload a file to their dropbox or whatever, it's encrypted automatically and decrypted as such when/if they need the file again.
 
I am currently running about 80 users on office 365. I feel Microsoft will be able to protect this data better than i could on any of my sites and it is more my own users that i am worried about. Still looking at using SharePoint workspace which from what i can gather, is going to turn into Skydrive Pro.

It is however a bit concerning that one password can give anyone access to so much... If they get their 365 password, it allows them to reset most other passwords as they have access to OWA.
 
Ramcat said:
I am currently running about 80 users on office 365. I feel Microsoft will be able to protect this data better than i could on any of my sites and it is more my own users that i am worried about. Still looking at using SharePoint workspace which from what i can gather, is going to turn into Skydrive Pro.

It is however a bit concerning that one password can give anyone access to so much... If they get their 365 password, it allows them to reset most other passwords as they have access to OWA.
Click to expand...

Thats the same as any system using authentication. IE, root or administrator on a local server.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X