Google Cloud: Is this serious? - Page 2 - Canadian TV, Computing and Home Theatre Forums
post #16 of 37 (permalink) Old 2014-04-01, 08:38 PM
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 434
The reality is, nobody gives a crap about the security of what's running in "the cloud".

Decisions are being made primarily on price and functionality. You have to operate under the assumption that if your live and at-rest data isn't encrypted, it's going to be visible by someone, somewhere.

The first set of people who have to be worried about cloud are the likes of HP, Dell and IBM as the days of buying hardware to stick in your own server room or colocation facility are quickly winding down. Sure, there will always be a need for a small amount of on-premises hardware, but the amount will be drastically smaller than is the case today.

The next set of people who have to be worried are the old school sysadmins who are doing everything in their power to avoid being replaced by scripts that can auto provision instances that they once spent hours, days or weeks on setting up their servers.

Here's a good article on the shift that is taking place right now.

Are your servers pets or cattle?

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
post #17 of 37 (permalink) Old 2014-04-01, 08:45 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Quote:
Originally Posted by 905shmick View Post
The reality is, nobody gives a crap about the security of what's running in "the cloud".
Not true at all.

My company has lots of people using iPads and the just introduced Office 365 for the iPad will be very useful. We are holding off using it since we are trying to figure out if you can store files locally (it turns out you can) or with other methods (you can save files to Sharepoint). But it isn't clear to us if some files may be stored by default to OneDrive.

We are also in the process of replacing our email program which has been Lotus Notes. We have decided not to consider cloud services like Gmail as we are uncomfortable with having our email stored in the cloud, especially if it is domiciled in the US. So that means we will likely be moving to Outlook.

It is a violation of our Code of Business Conduct to use Dropbox, or other similar services, to store corporate files. If one of my direct reports is storing sensitive corporate files on Dropbox then I am going to seriously chew them out.
Wayne is offline  
post #18 of 37 (permalink) Old 2014-04-01, 08:49 PM
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 434
Wayne,

Regardless of the Code of Business Conduct that your business has in place, I 100% guarantee you that there are employees there using Dropbox, Google Docs and other such services.

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
 
post #19 of 37 (permalink) Old 2014-04-01, 08:50 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Quote:
Originally Posted by audacity View Post
- It doesn't matter where your data is hosted if you're using insecure services like Email. SMTP is not encrypted, so sending an email is like sending a post card. Yet lots of people still transmit passwords this way.
We have set up end-to-end encryption for email for several dozen partners that we deal with on a regular basis. If sending emails to another firm where we don't have the encryption set up then you are supposed to put <encrypted> in the subject line which will require additional action on the part of the recipient of the email.
Wayne is offline  
post #20 of 37 (permalink) Old 2014-04-01, 08:55 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Quote:
Originally Posted by 905shmick View Post
Wayne,

Regardless of the Code of Business Conduct that your business has in place, I 100% guarantee you that there are employees there using Dropbox, Google Docs and other such services.
Yes, we find this out on a daily basis and we point out the security issues to them. If they are caught again then they are subject to disciplinary action, including termination. Is it worth the risk?

I am in the financial industry and the information that we have from time-to-time may be Material Non-Public Information. Disclosing this information can lead to charges of insider trading and jail time, although rarely in Canada as our securities enforcement regulation is a bit of a joke.

Don't forget that computers are very good at logging stuff like web sites visited. We also restrict most ports other than 80 and lots of other sites using services like Websense.
Wayne is offline  
post #21 of 37 (permalink) Old 2014-04-01, 09:01 PM
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 434
I'd wager that the folks at Dropbox, Google, etc... have a better security team working to ensure your data remains out of hands of "bad guys" than the security team at most businesses. Unless there's a PCI or similar compliancy issue, there's not really any "security issue" with day to day data being stored there.

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
post #22 of 37 (permalink) Old 2014-04-01, 09:05 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Oh really - Dropbox had a major security breach not too long ago - you don't remember that?

This is from August 2012:

Quote:
Dropbox, the fast-growing private company that lets you share documents easily online, continues to experience significant security breaches in its service, announcing this time that some user usernames and passwords were stolen “from other websites,” and their accounts accessed.

The news follows two other high-profile instances of security problems at the company. A year ago, Dropbox disclosed that all of its users’ files were publicly accessible for nearly four hours due to a bug in the company’s authentication mechanism. During that time, anyone could access a Dropbox account without using the correct password. And in April, a security hole was discovered in Dropbox’s iOS app, which allowed anyone with physical access to your phone to copy your login credentials — because it stored user login information in unencrypted text files.
Source: http://venturebeat.com/2012/08/01/dr...loud-security/

Microsoft claimed about a week ago that they don't need a search warrant to search customer data on Microsoft cloud/hotmail servers.
Wayne is offline  
post #23 of 37 (permalink) Old 2014-04-01, 09:09 PM
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 434
Yep, they had a problem, fixed it and reported on it. Are you saying with 100% confidence that you can vouch for the integrity of the systems at your employer?

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
post #24 of 37 (permalink) Old 2014-04-01, 09:20 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Dropbox say they fixed their security breaches - they probably said that after the first of the multiple breaches mentioned.

Can I vouch 100% for my employer? No. But we have a lot more control over our own servers than we do over cloud servers owned and operated by someone else, potentially subject to other governments' oversight and surveillance by the NSA.

So when it comes to something like Office for the iPad we are a lot more comfortable using Sharepoint on our own servers rather than Microsoft's OneDrive service.
Wayne is offline  
post #25 of 37 (permalink) Old 2014-04-01, 09:44 PM
Veteran
 
Join Date: Mar 2002
Location: Scarboro
Posts: 6,331
Quote:
Originally Posted by 905shmick View Post
I'd wager that the folks at Dropbox, Google, etc... have a better security team working to ensure your data remains out of hands of "bad guys".
One more thing - what if Dropbox, Google, MS, etc are the bad guys, or the bad guys work at those companies? You are handing them the keys to your information.

Or what if you are in a conflict situation with those companies such as suing them for some reason. Do you want them to potentially have access to your email and/or office docs?
Wayne is offline  
post #26 of 37 (permalink) Old 2014-04-01, 10:20 PM
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 434
If you're not adding a layer of your own crypto to the sensitive data, then sure, if the bad guys are working there, they can easily snoop your data.

We can come up with "what if" and various edge cases forever. At the end of the day, a certain level of risk will be deemed acceptable in order to function as a business.

Financial institutions and other regulatory / compliance driven businesses will probably never be fully in the cloud, but they also have the money to do things their own way.

For everyone else, these services are allowing businesses to operate outside of the traditional IT model where the IT dept calls the shots and if it's not offered in house, it can't be done. That's not an acceptable response to most of the business units since they know they can plunk their credit card down and buy an online service that will meet their demands and they didn't have to put together a capital expenditure request and a project plan to have it done internally.

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
post #27 of 37 (permalink) Old 2014-07-19, 11:02 PM Thread Starter
 
Join Date: Oct 2013
Posts: 991
With the ongoing tit-for-tat price war in the cloud business, I didn't know it is that profitable
http://recode.net/2014/07/18/can-the...-ibm-it-might/
four is offline  
post #28 of 37 (permalink) Old 2014-07-20, 02:52 PM
Veteran
 
Join Date: Jan 2009
Location: 127.0.0.1
Posts: 3,370
It's difficult to be able to predict the profitability of a business which is in the middle of a price war.
audacity is offline  
post #29 of 37 (permalink) Old 2014-07-20, 10:13 PM
Veteran
 
Join Date: Jun 2011
Location: 43° N, 81.2° W
Posts: 8,191
Google could probably give it away, up to a point, and still make a profit from targeted advertising.
ExDilbert is offline  
post #30 of 37 (permalink) Old 2014-07-21, 03:21 PM
Veteran
 
Join Date: Jan 2009
Location: 127.0.0.1
Posts: 3,370
Sure, but that describes Google in general. Most of their business units aren't profitable (or aren't very profitable) except their advertising business.

My point is that if I were to buy cloud hosting for a SAAS app (for example), and I'm paying Google less than the cost to provide the services...

I'm not saying that the prices are that low... yet. But this appears to be a very price-driven market with 3 big players (Amazon, Microsoft, Google) who are cutting prices at a pretty rapid pace. Just look at the price of online storage two years ago compared to today.

And it's not like Google is able to inject advertising in my SAAS application to make some money back.

I just see this as a "race to the bottom" sort of scenario, so I don't think that it will be highly profitable in the long term.
audacity is offline  