Ask Slashdot: Is Your Data Safe In the Cloud?

samzenpus posted more than 2 years ago | from the silverish-lining dept.


With so much personal data being kept on the cloud, including government and health records or your source code, do you have any concerns about it falling into the wrong hands? Do you think the cloud's benefits are outweighed by continuing security issues?

332 comments

Government action (5, Informative)

OhHellWithIt (756826) | more than 2 years ago | (#38303028)

I believe that government seizure/examination of cloud data is even a bigger threat than hacking. With a court order or -- as we have seen in the past few years -- even without a court order, a trustworthy cloud operator could be forced to turn over our data. The article a few days ago about foreign governments being reluctant to sign onto cloud computing with an American company because of the potential for snooping into their data illustrates the point even further.

Re:Government action (5, Insightful)

GeckoX (259575) | more than 2 years ago | (#38303280)

Heck, never mind seizure, how about willfully providing this information? Twitter is now providing all public posts to the government.

Bottom line, if it's in a cloud, you have zero guarantee as to how that information will be used and who will end up with access to it.

Re:Government action (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38303346)

Twitter is now providing all public posts to the government.

I've never used Twitter, so maybe I'm missing something.
Isn't Twitter providing all public posts to the whole world?

Re:Government action (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#38303366)

The only thing you're missing is that GeckoX is a moron

Re:Government action (4, Interesting)

Dexter Herbivore (1322345) | more than 2 years ago | (#38303392)

As soon as you supply your information to a 2nd party, it's no longer *your* information. It's a sad state of affairs, but a reality of life.

Re:Government action (3, Insightful)

tomhudson (43916) | more than 2 years ago | (#38303524)

As soon as you supply your information to a 2nd party, it's no longer *your* information

Not true (except maybe in the US, where copyright law seems to only apply in favour of corporations, and the sheeple have ceded control of the political process to lobbyists because the rednecks fear limitations on political campaign donations and pork to the point where privacy legislation is decades behind the rest of the world).

Re:Government action (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38303426)

Actually you are very much on mark there. An article in Politico over the weekend talked about how the Patriot Act is a deterrent for companies to use cloud storage in the U.S.

http://www.politico.com/news/stories/1111/69366.html

Re:Government action (1)

Darfeld (1147131) | more than 2 years ago | (#38303514)

I think things really come down to "who you are".

For a government or a company with sensible government contract, clouds are as bad as giving the information directly in the open...

For companies in general, you should be very careful going on "the clouds". Who does the cloud belong to? Is it related in some way or another to a competitor? Is it worth the price? The security issue is more or less pertinent given the situation. For small business, I don't really see a problem with clouds, unless you're paranoid. (Then again, it isn't because I'm paranoid that they aren't all after me...)

For individuals, I really don't see the possibility of government reading your stuff as an issue. I mean, I already have a facebook account... Anyway, if you have documents you don't want the government or anyone else to see, don't put them in the clouds... Don't mail them either. It's just common sense...

Re:Government action (2, Informative)

Anonymous Coward | more than 2 years ago | (#38303598)

This is a legal grey area on so many accounts. Is there a reasonable expectation of privacy when storing data in the cloud? This can be important because it means that no search warrants would be needed, and people could be arrested seconds to minutes after data goes in the cloud. Encrypted data could be viewed as probable cause for a search because it would be (in the eyes of the law) equal to putting data on an open, free-for-all FTP server. Lawsuits can be filed for unauthorized MP3 files in seconds after the files land in the cloud.

Then there is another legal issue: Cloud servers that span countries. An admin in country "A" can be compelled (either via a legal action, or something less subtle like an AK-47 aimed at the admin's family) to log onto another country's cloud servers and hand stuff over. A country like Saudi Arabia where porn is illegal can get access to Germany's cloud servers, and when any German citizens come to visit, have them hauled off and jailed, or even executed, even though the act did not occur on Saudi soil.

Finally there is the fact, as demonstrated by the Borders case, that all info on cloud servers, be it trade secrets, protected government documents, copyrighted info... anything becomes available for all if the server provider goes under and the servers get sold off. A cloud provider that stores PII data like medical records can go under, another company pick up the data and make a torrent of the medical records for anyone to look at, and there is not a single thing that can remedy this in criminal or civil law, because the contract responsibility for data ends where bankruptcy begins.

Until these legalities are sorted out, the only way a company can use cloud storage without violating Sarbanes-Oxley, HIPAA, FERPA, or other regulations is to encrypt data before it leaves the premises.

It would be nice to see some regulation, such as DAR encryption for cloud data, coupled with mandatory destruction/erasure of all data if a cloud provider gets liquidated, with an independent organization overseeing the process, and certificates of destruction (with video) on the website. However, this would have to be part of the bankruptcy code.

Until then, you will get shitloads of promises about security in the cloud, but until these loopholes are addressed, your data is no more secure than storing it on an anonymous FTP server.

Re:Government action (5, Interesting)

rbowen (112459) | more than 2 years ago | (#38303614)

Yes, to me this is a much bigger concern than something intrinsically secure/insecure about cloud computing. By entrusting my data to a third party vendor, I make it one step easier for the government to seize it. With the kinds of legislation that's being debated even this week, I worry that any data I entrust to a vendor might eventually be subpoenaed, and I wouldn't have any recourse.

And hosting that data elsewhere (ie, outside of my country) doesn't necessarily solve anything.

On the other hand, the benefits of the cloud - a scalability that I can never achieve "at home" - enormously outweigh this concern in most cases. When it comes to confidential data, however, the question becomes much less obvious.

Re:Government action (0)

Anonymous Coward | more than 2 years ago | (#38303766)

With a court order or -- as we have seen in the past few years -- even without a court order, a trustworthy cloud operator could be forced to turn over our data.

With a court order presumably you'd hand it over yourself, even if it was on your own servers. If they're given to handing stuff over without a court order then that obviously is a concern but can you say a bit more about the scenarios you're seeing there?

ABSOLUTELY !! (4, Funny)

Anonymous Coward | more than 2 years ago | (#38303038)

And what's a cloud, really?

Re:ABSOLUTELY !! (2)

youn (1516637) | more than 2 years ago | (#38303114)

And what's a cloud, really?

haha, good luck with that. I think it is this undefined blob formed by interacting with many transfer points that has many shapes and sizes which has stuff flowing out of it... like water... oh wait, that's the old definition... or maybe not if you just replace the word water with the word data I guess

a ff7 character? (5, Funny)

Quiet_Desperation (858215) | more than 2 years ago | (#38303232)

It's a marketing term for a hard drive in a different building from the one you are currently in.

Re:ABSOLUTELY !! (4, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#38303260)

A cloud is a large thing made entirely out of vapour.

Re:ABSOLUTELY !! (4, Informative)

tepples (727027) | more than 2 years ago | (#38303302)

"Cloud" refers to a symbol used in network organization charts and data flow diagrams to refer to a connection across a large network. Something being "in the cloud" is on the other side of this symbol, namely on leased servers in someone else's data center.

Re:ABSOLUTELY !! (3, Informative)

Dexter Herbivore (1322345) | more than 2 years ago | (#38303424)

"Cloud" refers to a symbol used in network organization charts and data flow diagrams to refer to a connection across a large network. Something being "in the cloud" is on the other side of this symbol, namely on leased servers in someone else's data center.

In other words, it's what we used to call 'the black box'. Once data enters the black box, it shouldn't matter to the app.

Re:ABSOLUTELY !! (0)

Anonymous Coward | more than 2 years ago | (#38303458)

THIS NEEDS MODDED UP!

Re:ABSOLUTELY !! (5, Funny)

swalve (1980968) | more than 2 years ago | (#38303516)

You need taught grammar.

Cloud ::= Timesharing (4, Interesting)

davecb (6526) | more than 2 years ago | (#38303452)

We used to have cloud computing in the mainframe days: IBM ran a data center somewhere, and you connected to it via a leased line. The only way you knew its location was from the size of your phone bill (;-))

Joking aside, cloud computing really is just a buzzword change. Like any other outsourcing effort, you are at the mercy of the vendor and the government of the country they're in. Choose your suppliers based on the SLA they'll offer you, and the country of the candidate suppliers based on the rights they honor.

--dave

Re:ABSOLUTELY !! (0)

Anonymous Coward | more than 2 years ago | (#38303750)

A miserable pile of droplets!

Data safe? (5, Funny)

Anonymous Coward | more than 2 years ago | (#38303046)

not a bit

Keep your music library safe. (0)

Anonymous Coward | more than 2 years ago | (#38303050)

yep and yep. Shut it all down. My MP3s at Google Music should never ever be stolen. Evar.

No. (5, Insightful)

plopez (54068) | more than 2 years ago | (#38303052)

No one is going to care as much about your data as you do. Next question please.

Re:No. (4, Insightful)

ironjaw33 (1645357) | more than 2 years ago | (#38303138)

No one is going to care as much about your data as you do. Next question please.

This. My employer only backs up one of several disk partitions on my work computer. The non-backed up partitions were hosed during a routine system upgrade last summer. Fortunately, I had backed up the data using my own resources but others hadn't and lost months of work.

The lesson: only you can ensure the integrity and persistence of your data. If even your employer can't, then who can?

Re:No. (2)

carbon_tet (596725) | more than 2 years ago | (#38303484)

Oh, please...

The California Supreme Court recently upheld a law that allows police officers to routinely search your cell phone for information when doing routine traffic stops or arrests. What possible interest could the police have in the contents of your cell phone? Your smartphone with all your tweets and facebook posts that might indicate criminal activity (underage drinking, drug use, etc...).

At least data in the cloud receives more protection than your cellphone, but not much more (if the reason for the data search is deemed "compelling" or justified in some other way). Vermont recently upheld protection of privacy of medical data stored in the cloud (i.e., the data holders could not sell it to other companies for data mining purposes), but it was a hot debate for a while.

People can always make money with more information about a particular area of business or customer practices. The temptation to look at that data will -always- be present. The best way to be safe is to require that the person whose data it -is- be required to give permission before any access can occur.

Re:No. (4, Interesting)

timeOday (582209) | more than 2 years ago | (#38303494)

Keeping money in a bank is really just keeping data in a cloud. It seems to work for most.

Re:No. (1)

bamstead (593464) | more than 2 years ago | (#38303592)

That's true! For myself and my personal bad habits of neglecting to backup my system. My little cloud app of 100GB has saved me more than once. The last time I tried to be stupid and go from stable to testing I ended with a brand new install. I even dumped the home folder, everything I needed was safely tucked away in a spider web on the cloud.

maybe more secure (4, Insightful)

roman_mir (125474) | more than 2 years ago | (#38303062)

In many cases maybe your data is even more secure in a cloud than on your own servers, especially if you choose your 'cloud' carefully (outside of your country/jurisdiction).

The real threats to your data are your own employees and your government. The outside 'hackers' come as a very distant third.

Re:maybe more secure (5, Insightful)

rbowen (112459) | more than 2 years ago | (#38303078)

Yes, exactly.

Servers "in the cloud" are installed, secured, and maintained, by sysadmins like you and me. Some of those sysadmins are good at what they do, and some of them aren't. "The cloud" is not intrinsically secure or insecure, because "the cloud" is not a definable entity, as much as the tech press wants it to be. This is a misnomer perpetrated by the poorly-informed press, and not really something that's based in reality.

Every time we read an article about "the cloud", it's useful to take a moment to consider what it actually means in that particular scenario.

Although "the cloud" means "I don't care where my servers are", there are in fact actual servers somewhere, and there's an actual person or team of persons responsible for maintaining that server or servers, and they are either good at their job, or they aren't. Talking about "the cloud" as though it's one homogeneous mush of data is nonsense, and leads to all sorts of false conclusions.

Re:maybe more secure (4, Insightful)

TheSpoom (715771) | more than 2 years ago | (#38303178)

Really, I just hate the term "The Cloud" in the first place. It's so vague as to be unusable. Virtualized servers? OK, I get that, and it's specific about what it means. But "on the cloud" tends to just mean "on the internet somehow". Maybe it's on a physical box, maybe it's virtualized, maybe it's run by your company (but probably not), maybe it's managed by a third party. It means I have to ask additional questions, meaning the term is a waste of time.

Re:maybe more secure (4, Insightful)

Terrasque (796014) | more than 2 years ago | (#38303478)

I feel it's more about paying someone else to do all that server'y stuff, and gives you the freedom to go "I need $foo for $bar time" - and the provider(s) goes "okay" and magically pulls it out of the cloud for you. When you're done with it, it goes back to the cloud, no extra cost to you.

At least, that's the impression I've got from the non-technical people's understanding of it. For techies there's nothing new, per se. It's just that hardware / software have come to a point where large companies find it useful both to sell and to buy, and marketing have managed to find a way to explain it to non-techies.

I Disagree (5, Insightful)

eldavojohn (898314) | more than 2 years ago | (#38303344)

Servers "in the cloud" are installed, secured, and maintained, by sysadmins like you and me. Some of those sysadmins are good at what they do, and some of them aren't.

I don't get it then, what makes the sysadmins and employees at these companies that run "the cloud" any more or less secure than my own employees and sysadmins? And what makes the government where "the cloud" resides any more respectable of my privacy than my local government? My own reaction is that there's just another layer of security risk here. At least if they're my employees or sysadmins and I find out data is being leaked, I can fire them and do an internal investigation. If some sysadmin is dumping databases at a "cloud" site, then who is ever going to know and how is that ever going to be rectified?

I'm not arguing against "the cloud" and I don't have a good example on hand of where "the cloud" has failed but to me it seems like a lot of these are virtual machines sitting on physical hardware running more software. And every layer is just another potential weak point in the chain of software. Is that not true? Isn't it possible that employees of VM farms are simply cloning and dumping memory or hard disks (or entire VMs for that matter) for their own personal use?

There was a paper a while back about encrypted computing just to address this very fear.

"The cloud" is not intrinsically secure or insecure, because "the cloud" is not a definable entity, as much as the tech press wants it to be. This is a misnomer perpetrated by the poorly-informed press, and not really something that's based in reality.

Just like the title to this Ask Slashdot encourages us to debate the security of something that cannot be intrinsically secure or insecure? If you're telling me that "the cloud" is not intrinsically secure or insecure why are we having this conversation? I mean, I think it's worthwhile to consider what a lot of "the cloud" services are that are out there (the big few that exist) and to debate their security success or potential holes. You can always deflect my arguments by saying that they're just "implementing the cloud wrong" and we won't go anywhere. But it is my opinion that sensitive, personal and secure information should not be handed off to yet another third party for computation or storage unless your trust with them is enough to risk litigation against yourself from all of your customers.

Re:I Disagree (3, Interesting)

gl4ss (559668) | more than 2 years ago | (#38303734)

we are having this conversation to promote SourceForge, if you didn't notice.

heck, I would have missed this "article" but it was laced on my post history page - in a different color too.

I thought I had ads disabled. guess not...

Re:I Disagree (1)

roman_mir (125474) | more than 2 years ago | (#38303756)

I am not having this 'conversation' to promote anything except the idea that maybe your own workers and your own government are a bigger threat to your data than somebody in another country selling server time, which is their business model and they can either do it right and succeed or do it wrong and fail.

Re:maybe more secure (1)

GeckoX (259575) | more than 2 years ago | (#38303398)

Not only is this dependent on the quality of the sysadmins, it is dependent as well on the policies and actions of those governing any particular cloud. The sysadmins do not create these policies, they merely implement them. Bottom line is that when you put data in a 'cloud', you are trusting the corporation or entity in control of that cloud with your data. Their policies could change at any time. Or the government could do so for them. Or another entity could take ownership and again change the policies involved.

Bottom line is that once your data is on someone else's server, all bets are off. Someone else is in 'possession' of this data, and may choose to do things with this data that you might not agree with.

Re:maybe more secure (-1, Troll)

Anonymous Coward | more than 2 years ago | (#38303570)

Go fuck yourself you corporate pig. You and the BoingBoing rejects who are taking over as editors here are ruining Slashdot with your thinly-veiled advertisements and none-too-subtle promotions of your own technologies.

Fuck you.

Re:maybe more secure (2)

youn (1516637) | more than 2 years ago | (#38303164)

let's say cloud provider security is brilliant and you place the cloud on the moon just so that no human can get there... CA hack and MITM can make efforts worthless within seconds

Re:maybe more secure (1)

homey of my owney (975234) | more than 2 years ago | (#38303228)

Right, because there are no employees/government/hackers in the cloud. Whew!

Re:maybe more secure (1)

roman_mir (125474) | more than 2 years ago | (#38303728)

that's not my argument, nice straw man.

My argument is that the first people one has to be cautious about are his own employees/coworkers. Second in line is your government, and that's why jurisdiction of where the data is stored is important. Hackers are always an issue, but they are not the same level of issue and your data has no priority in the cloud before anybody else's data and it has no useful context.

The job of server farm administration is to keep it running, keep it safe, if they don't do their job then people don't use them, they fail as a business - market at work.

simple -- create an encrypted container (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38303064)

then store it to the cloud w/ you just knowing the keys/passphrases

Re:simple -- create an encrypted container (1)

youn (1516637) | more than 2 years ago | (#38303184)

remember not to reuse the passwords you give to journalists writing books about you especially if the data is leaked in the wild :)

Local Storage, Forever (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38303070)

I do not trust the cloud, because I can't grab it and bury/burn it at my whim. Just like posting on FB, once you have done it - that data is out there, forever.

local storage will never die.

The "cloud" is not some mysterious relic. (5, Insightful)

cmv1087 (2426970) | more than 2 years ago | (#38303080)

It's still someone else's servers holding my data and I still have to go through some hoop(s) to get at it from other devices. What is so special about it?

Re:The "cloud" is not some mysterious relic. (2)

Xugumad (39311) | more than 2 years ago | (#38303286)

Someone re-re-invented mainframes, and therefore everything is new and no-one understands it any more.

Possibly better trained than me? (3, Insightful)

rbowen (112459) | more than 2 years ago | (#38303480)

I would like to believe that when I host a server at Slicehost (oh, yeah, it's Rackspace now) that they have server administrators who are better trained than I am. That they have backup procedures that are better executed than I would do. That they upgrade their hardware more often than I do.

Likewise, if I put my data on a "cloud" service, I am paying for the assurance that they have secured those servers at least as well as I would, in addition to whatever it is that they specialize in (scalability, availability, redundancy, etc). So, in theory at least, that's what's special about it - that they can do a better job at those things, for less money, than I can.

The reality can be less clear cut, and so, as with any vendor selection process, you have to do your homework and find the ones that seem to do a good job.

I think the press has done us all a disservice by making the cloud into, as you say, a mysterious relic with mystical powers. Hopefully those of us actually making these decisions understand what it really means and can be sober about evaluating options.

A little telling (1)

TheSpoom (715771) | more than 2 years ago | (#38303108)

...that the first outing of the sponsored Ask Slashdot is a Geeknet company.

In any case, as usual, it depends on the kind of data. I believe medical data has to be encrypted though, no?

Re:A little telling (5, Funny)

rbowen (112459) | more than 2 years ago | (#38303130)

...that the first outing of the sponsored Ask Slashdot is a Geeknet company.

Yes. I'm called the guinea pig.

Re:A little telling (2)

TheSpoom (715771) | more than 2 years ago | (#38303216)

Looking good so far. It'll be interesting to see what kind of posts actual sponsors make when we get there.

Re:A little telling (5, Interesting)

Hadlock (143607) | more than 2 years ago | (#38303320)

Well, we were pissed about the experts not being expert enough -- so here goes nothing -

What does Source Forge do that is above and beyond the call of duty to protect user information? Have you guys had any data breaches that you haven't disclosed, or fully disclosed? What would you have done differently in hindsight?

Re:A little telling (5, Informative)

rbowen (112459) | more than 2 years ago | (#38303558)

What does Source Forge do that is above and beyond the call of duty to protect user information? Have you guys had any data breaches that you haven't disclosed, or fully disclosed? What would you have done differently in hindsight?

When we have attacks, and compromises (which has happened in the past) we report in detail on it in the blog. Here's one example: https://sourceforge.net/blog/update-sourceforgenet-attack/ [sourceforge.net]

As with any company, these sorts of things have a procedure that we have to follow, and I'm checking with the people along that trail to see what I should say in response. There haven't been any compromises or attacks during my time at SF, so I don't have any personal experience as to how we respond to this, but I've asked some of the guys on our engineering team to help me put together a response to this question.

Re:A little telling (3, Funny)

Cylix (55374) | more than 2 years ago | (#38303418)

Excellent,

I was told by a very powerful source that the only way to protect my data was via a contract for my soul. Among the things needed for the incantation a guinea pig was cited.

Look at Paragraph 367 Subsection 32... "Satan will personally hover over your data with an army of undead ghouls.^3214"

I'm still trying to find foot note three thousand two hundred fourteen.

These deals with the devil are almost as bad as FCC mandates.

No, the bits will get wet! (5, Insightful)

HTMLSpinnr (531389) | more than 2 years ago | (#38303118)

::rimshot::

No, seriously - depending on the cloud service, aren't buckets of data encrypted in such a way that only the owner of the data can access them? Cloud service providers may be required to hand over data, but do they have the means of handing over the encryption keys along with it?

For certain cloud services where you're uploading via browser, they may be encrypting your data post-upload, so the request to decrypt may be more trivial. However, if you manage your own (like S3 backups) - or simply use a service that encrypts BEFORE uploading, I'm not sure there's a whole lot Amazon or some other provider could do to hand over the data in any usable form.

Those who are concerned about security of their data should ensure that the backup is encrypted in an acceptable method, or simply stash it in an encrypted container before storing it "online" (I realize there may be limitations of scale with that suggestion).

Re:No, the bits will get wet! (0)

Anonymous Coward | more than 2 years ago | (#38303326)

"Cloud" based data will be inherently visible to the system host until homomorphic encryption becomes practical.
Right now, if you request a tuple from a database, the database engine has to know what the data you are asking for is. Even if the database files are encrypted, the engine has to be able to decrypt the data on the server, thus exposing it.

Re:No, the bits will get wet! (1)

betterunixthanunix (980855) | more than 2 years ago | (#38303352)

Cloud service providers may be required to hand over data, but do they have the means of handing over the encryption keys along with it?

Well, it depends on what you mean by "cloud," but...

http://digital-lifestyles.info/2007/11/09/hushmail-opens-emails-to-us-dea/ [digital-lifestyles.info]

Who asked this question? (5, Insightful)

MalleusEBHC (597600) | more than 2 years ago | (#38303136)

Unlike all other Ask Slashdots, this question is not preceded by "$USERNAME writes", so who actually proposed this question? A user that didn't get credit? A Slashdot editor? Someone from Sourceforge? The post introducing sponsored Ask Slashdots says that "the sponsors don't pick the questions", but that's still ambiguous. Many people are skeptical about this being thinly veiled astroturfing, so it's important to be as transparent as possible.

Re:Who asked this question? (1)

jones_supa (887896) | more than 2 years ago | (#38303192)

I'd like to know too.

Re:Who asked this question? (5, Informative)

rbowen (112459) | more than 2 years ago | (#38303210)

I didn't get to pick the question, if that's what you're asking. Presumably, if I had, it would be more about Open Source. I believe the question was chosen by the Slashdot editorial team.

Re:Who asked this question? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38303566)

I don't know if they're taking constructive criticism from anonymous users, but...

Slashdot might get more mileage out of a question that people can have several different takes on. "How should I archive data long term?", or "How do you secure a small business website on a tight budget?", or the like. This one is a bit of a dud because it's basically two yes/no answers. It's just chumming the waters to throw something like this into a user community that's already on to your synergistic marketing plan; they need something that geeks can't help themselves but participate in.

For a SourceForge topic, I'd love to read more details about what's involved in providing and effectively securing the type of service they provide (which must be a bit of a rolling nightmare for you folks with hundreds of thousands of projects and the level of exposure that entails), and maybe a solicitation of anonymously-submitted stories from other users about website break-ins they've had to clean up and how things went, both with the software and with public relations.

Re:Who asked this question? (0)

Anonymous Coward | more than 2 years ago | (#38303700)

feedback@slashdot.org

Re:Who asked this question? (4, Informative)

PerlJedi (2406408) | more than 2 years ago | (#38303768)

For what it's worth, I personally agree with you.

Re:Who asked this question? (1)

Jeng (926980) | more than 2 years ago | (#38303330)

My question is why can't I exclude stories by category now? I went to block Ask Slashdot from my list of stories I'll accept and it just plain didn't work.

Re:Who asked this question? (5, Informative)

PerlJedi (2406408) | more than 2 years ago | (#38303782)

That would be a bug, not a conspiracy. I'll see to it that it gets fixed.

Re:Who asked this question? (3, Funny)

Threni (635302) | more than 2 years ago | (#38303410)

Find out...right after this message from our sponsors!

Encrypt First (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38303146)

I would encrypt any sensitive data I may have before storing it in the "cloud". It would be irresponsible to assume the data can not be read or copied by others.

Sponsorships? Really? (4, Insightful)

RobinEggs (1453925) | more than 2 years ago | (#38303148)

Note to slashdot: It'll be hard to maintain whatever shred of journalistic veneer and integrity you have left if you start posting advertisements for sister websites as 'sponsorships' of semi-legitimate discussions or stories.

The fact that everyone else does it is still no excuse.

Re:Sponsorships? Really? (4, Insightful)

mikeroySoft (1659329) | more than 2 years ago | (#38303284)

I'm glad at least comments are enabled. Most other sites disable them for sponsored articles.

Further, I imagine that the bandwidth and hosting costs of /. are quite high, so they need to get a return somehow.
I mean, with so many people here probably using AdBlock etc, or disabling ads because they're registered users who can, they have to get their ads-to-eyeballs ratio back up to somewhere that it's actually worth it to advertise here (thus ensuring that our geeky community can continue to have someplace to live!)

Re:Sponsorships? Really? (1)

mossy the mole (1325127) | more than 2 years ago | (#38303718)

Note to slashdot: It'll be hard to maintain whatever shred of journalistic veneer and integrity you have left if you start posting advertisements for sister websites as 'sponsorships' of semi-legitimate discussions or stories. The fact that everyone else does it is still no excuse.

While the whole sponsored ask slashdot does seem a bit off, at least the posts from the sponsors are clearly marked. As long as that continues maybe it won't be too bad. (On the assumption that they don't allow sponsorship from any really evil companies)

Fuck you sourceforge (-1, Flamebait)

For a Free Internet (1594621) | more than 2 years ago | (#38303156)

fUCK YOU capitalism and capitalist advertisements, fuck you!

It's hard to see it being less secure (1)

OliWarner (1529079) | more than 2 years ago | (#38303198)

The British government has an appalling record when it comes to protecting data. It all comes down to individual failures. Individuals in ministries, local government, etc have been loading up laptops and USB sticks with swathes of very personal, very sensitive data and then losing these devices or having them stolen.

I do understand that the cloud technically may make a data theft much easier but given the volume of data that has been physically stolen in the past decade, it's hard to imagine it being worse than the status-quo. At least they can wrap everything in umpteen layers of security and DRM and attempt to standardise the way councils and hospitals manage sensitive data.

Re:It's hard to see it being less secure (4, Interesting)

rbowen (112459) | more than 2 years ago | (#38303640)

As I posted here: http://ask.slashdot.org/comments.pl?sid=2563666&cid=38303250 [slashdot.org] - I've seen servers at hospitals, local governments, and various other supposedly-secure places (fire stations, airports, etc) in my years as a network security auditor. And I frequently peek under the keyboards in doctors' offices while I'm waiting for them. It's hard to imagine that storing data on someone else's server instead of their own is going to make any substantive difference in their data security posture.

Is? (0)

davebarnes (158106) | more than 2 years ago | (#38303200)

Not is, but Are.
Datum. Data.
Even engineers know how to use the plural.

Re:Is? (0)

Anonymous Coward | more than 2 years ago | (#38303528)

Dude, data is a mass noun. [wikipedia.org] It has no singular or plural.
You use singular verbs with it.

Mass noun (4, Informative)

tepples (727027) | more than 2 years ago | (#38303576)

"Data" is plural in Latin [wiktionary.org] , but in common English usage, "data" has become a mass noun [wikipedia.org] . One says not "two data" but "two points of data". If you insist on inflecting the verb to match the Latin plural, do you plan to say "datôrum" for "of the data" and "datîs" for "from the data" or "to the data"? Or do you use "data" to mean gifts? Of course not; that'd be the etymological fallacy [wikipedia.org] .

Is your medical data safe now? (3, Interesting)

rbowen (112459) | more than 2 years ago | (#38303250)

I used to be a security "expert" (at least according to my business card), but that was long enough ago, and things have changed sufficiently since then, that I no longer make that claim. However, back then, most of our customers happened to be in healthcare in some form or another, and I was appalled, on a daily basis, how insecure their data was. Any high school kid with some tools could completely own their network servers with very little effort. We hired one of those high school kids, and he frequently did.

Furthermore, with a little sweet talking, or looking under keyboards, we got access to all the stuff that he didn't. Granted, this was in the days immediately before HIPAA, and in the first days after HIPAA when people were trying to figure out how to implement the requirements. I naively hope that HIPAA has corrected some of the most glaring of these problems.

It's hard to imagine that putting data "in the cloud", whatever that happens to mean in the particular case under discussion, could be any less secure than where they're already storing your data.

April Fools? (-1)

Anonymous Coward | more than 2 years ago | (#38303254)

I thought Slashvertisements were an april fools joke.

Re:April Fools? (-1)

Anonymous Coward | more than 2 years ago | (#38303474)

Get used to it. Around here every day is April Fools Day now.

Absolutely not (3, Insightful)

KlomDark (6370) | more than 2 years ago | (#38303262)

These days your data is your wealth. Putting it somewhere as vague as 'the cloud' is as dumb as keeping your life savings in a car belonging to someone you don't know and have no idea where that car might be located. (Probably in some trailer court.)

It's a marketing trap - don't fall for it.

Is your data safe in the cloud? (3, Informative)

salparadyse (723684) | more than 2 years ago | (#38303288)

No.

Define safe? (2)

arsemonkey (1970712) | more than 2 years ago | (#38303300)

I use cloud storage for a good deal of our small business data. The question is do the people who work at the place my data is stored at do a better job than I would protecting that data? Probably. Am I worried about most of that data being obtained by a hacker? No. 70% of it is actually public record, and the other 30% is really boring financial stuff. Could someone steal my identity if they got this information? Most likely. If this happens, have fun blackhat; the IRS is after you, and so is the (local) state employment security department! (Also you may have a bench warrant.) Have fun.

Not just security, but ownership issues as well (0)

Anonymous Coward | more than 2 years ago | (#38303306)

Security is a big issue, but I find myself wondering about who will be owning the data in the end, and if the future of computing is tablet/cloud, as users we won't have the means to save our data on our own drives, we would always have to use the cloud. Talk about lock-in, price increase of cloud services...
Will we have the choice in the future of NOT using the cloud?

where does the cloud store their stuff? (1)

alen (225700) | more than 2 years ago | (#38303376)

that's the question. where do they store their internal email and data? in another cloud? in their own systems?

if they store it locally then why should i send my data to them?

security... from what? (5, Interesting)

carbon_tet (596725) | more than 2 years ago | (#38303382)

I am a lawyer, and the thought of trusting my data to the cloud makes me very nervous for several reasons.

1. Government access. If you trust the government to keep its hands off of your securely stored data, you are living in the 1960s. Federal and (most) state governments are too tempted by the possibility of using your data for good purposes to actually keep their hands off it. Employees (like the FBI) will peek at it, especially if you're famous. They will run "searches" to see "what comes up" and get a feel for whether the government needs to do something. Data should never be stored -with- the government, and government should be expressly forbidden from getting access to it after it is generated. They should be required to give you notice each time that they access your data and describe to you what they are looking for in it when they inevitably -do- access it.

2. Outside threats. I'm thrilled every time I read about botnet attacks and Anonymous hacks that get into some individual's or company's private data. (Sarcastically...) "Yes, I believe that my externally stored data is safe from outside intrusion and will not be stolen by criminals." No, I don't believe that. There is no routine requirement for encryption in business environments. If there isn't a robust, national / industry-wide data encryption plan that makes it easy for the end-user (the person whose data it -is-) to protect and access the data, I think that the cloud is too risky for storing really important information, rather than just having my music collection stored in iCloud or Amazon's service.

Also, email security, to me, seems to be a joke. Here, I don't worry about breakins to get at my information, although that has happened at many email providers. Rather, I worry about internal inspection of my information. I use Gmail, but I don't believe for a minute that Google, (or Facebook, which I don't use) doesn't sometimes run statistical analysis of the email stream or the google search bar terms I use to learn more about me. It's their business to know more about me so that they can make money advertising to me. You can be sure that they test their AdSense algorithm improvements on my data to enhance the chances that I'll click on an ad and make them a few per thousand clicks.

I will use the cloud as a backup with services like MozyPro, but only if I can have assurance that my information (my clients' information, really) is locked down tight. To my mind, "ease of access" from storing information in the cloud equates all too readily to "ease of theft" where the thieves don't even have to leave their desks in Mountain View or Moscow to "reach out and touch someone" (apologies, ATT). I much prefer to make the thieves go to all the bother of getting up and coming to my house or office to steal my data.

The biggest threat to your data is yourself. (1)

siDDis (961791) | more than 2 years ago | (#38303404)

I run my own cloud network storage business. Everything is encrypted on the client side, there is no cheating (a la bitcasa, which says they manage to deduplicate encrypted data). Sure you can upload raw data that you for example want to share, but one should know that someone else then has the possibility to read and abuse the data.

So I would say the data is safe in our cloud. Sure we have access to see how much disk space you're using, but that's pretty much it.

Really? The Cloud? (0)

Anonymous Coward | more than 2 years ago | (#38303412)

save time and money, skip the cloud, just put your data on a flash drive and toss it out the window while driving.

start counting the days til the first cloud hack data theft.

Is Your Data Safe In the Cloud? (4, Insightful)

1s44c (552956) | more than 2 years ago | (#38303450)

Is Your Data Safe In the Cloud?

No. Next story.

It's safe (1)

Cro Magnon (467622) | more than 2 years ago | (#38303460)

Until it rains. Then all your data washes out of the cloud and ends up in a puddle on the ground.

Safe? (1)

Stumbles (602007) | more than 2 years ago | (#38303488)

No and any idiot that thinks it is or could be made safe is just an idiot.

One vote for the cloud (1)

Geeky (90998) | more than 2 years ago | (#38303492)

I'll vote for the cloud. I use web based email (google) because I reckon they'll do a better job of backing up my data than I do (copy to USB drive as and when I think about it). I do download the contacts to a CSV every now and then, and should probably pop the email down to my PC as a local copy. I use Dropbox and Evernote as well - I like having things on multiple devices, and can't see the point of reinventing those wheels to do it myself.

The only things I store locally only are my photos, but I'm at about 600GB there, so the cloud wouldn't be practical. I do backup, not religiously, and so far haven't bothered with offsite copies.

While I care about my privacy, I reckon the worst that can happen with my email is that some admins at Google read it and have a good laugh at what a loser I am!

Trolling Sponsored Ask Slashdot Questions (-1, Offtopic)

mr1911 (1942298) | more than 2 years ago | (#38303532)

To debut the new sponsored Ask Slashdot, let's post a topic that has been hashed and rehashed before. The answer to the posted question is obviously no, so let's see how many people we can get to debate just how unsafe cloud data is.

I can't wait to see what they think up next. Will it be something from last week, or from the week before. Maybe the next sponsored Ask Slashdot will skip the build up and link to goatse directly.

The only way to make the new sponsored Ask Slashdot even remotely interesting is to reserve the first post for Dr. Bob.

no (0)

Anonymous Coward | more than 2 years ago | (#38303546)

Only if you trust both the operator and every jurisdiction in which they operate now and in the future. So in short no.

If you absolutely must store such data in a 3rd party datacenter (or cloud if you must), take responsibility for the data security yourself. Use an encryption layer above the storage layer.

TIP to avoid "sponsored" "news": (0)

Anonymous Coward | more than 2 years ago | (#38303596)

Just add a filter in your RSS client to block everything with " - Sponsored by " in the result.
In Thunderbird go to "Extras -> Filters..." and add a new one with "Subject" "contains" " - Sponsored by " and "Set junk status to" "Junk" and/or "Move message to" "Trash".
Done. :)

Personal Computers were created ... (2)

BravoZuluM (232200) | more than 2 years ago | (#38303622)

...so that we could remove ourselves from the cloud. Years ago when I started my career, I was a mainframe programmer. We operated through terminals that sent commands to the central mainframe. It was constraining and the machine high priests prevented individuals from being productive. Then the Apple II came out and we got a few of them past IT. Then the PC with dBase and Lotus 123. The Apple Laserwriter is what pushed the tipping point as then everyone became a publisher. We were freed from the tyranny of the controlled server. I laugh because here we are 30 years later and we are being sold that the cloud is freedom. Yes, freedom for the company to mine your data and market you. What does the individual get out of the cloud? If your network goes down, no cloud. The cloud is a stupid idea foisted and fostered by a generation too young to remember the old cloud. No thanks, I'll keep my personal data on my laptop.

Of course not (2)

Tridus (79566) | more than 2 years ago | (#38303642)

Ars actually just covered this for anybody not in the US - the Patriot Act is a huge barrier that is making it hard for US companies to do business. Nobody in their right mind trusts US cloud providers with their (subject to non US privacy law) data.

no silver lining (0)

Anonymous Coward | more than 2 years ago | (#38303650)

Here is a good video of what is a cloud: http://www.blip.tv/file/2714301 I love the cats.

Also:
I have never seen a storm that didn't have a cloud in it. Remember that. Also remember the more tiers the more tears.

I wish the filter on /. would let me post all the links I've accumulated over the year with issues: Here is a small sample of issues this past year: skype outages 12/24/2010, gmail losing 150,000 email account messages (their servers went bonkers and they struggled to bring back messages, I think they got most back but not all) 2/28/2011 ibm loses 1.9 million patient data records, netflix was down for hours on 3/22/2011, 4/1/1022 tv shows stored in cloud were wiped by an employee and no backups so shows were lost forever, 4/4/2011 - epsilon email marketing company compromised, hootsuite, reddit, foursquare down when Amazon AWS went down on 4/21/2011, Sony on 4/27/2011 with its data breach, on 5/2/2011 Vmware cloud went down. 5/16/2011 microsoft cloud services were down for 4 times in a week, 6/20/2011 GRID online multiplayer meets early demise on PC because 3rd party level they were using didn't want to renew a service they needed, 6/21/2011 drop box accidentally turned off passwords for file storage service (so anyone could view your stuff), 6/21/2011 wordpress plugin repository compromised, 6/29/2011 groupon published 300,000 customer usernames and passwords on their website by accident, 8/18/2011 microsoft crm online office 365 customers had an outage, I don't have the date but also Intuit shop cloud was down for 3 days in 2011.

The list goes on and on.

simple answer: no (2)

Ralph Spoilsport (673134) | more than 2 years ago | (#38303690)

Between the patriot act and the value of the data itself for mining purposes, no. To argue otherwise is naive.

Depends on sensitivity of the data.. (1)

Junta (36770) | more than 2 years ago | (#38303722)

From my *personal* perspective, I do have some stuff stored in a 'cloud' provider, but I *don't* trust any encryption they provide, I gpg it before upload. This is *not* stuff I'd care about the government seeing, incidentally. My presumption is the gpg protection should suffice in the face of realistic attacks mounted by people who could do something apart from the government. Additionally, if broken, the damage would be recoverable.

From a business perspective, after talking to various companies, my take on the general outlook:
-If it's material like advertising/marketing, wherever is cheaper, no confidentiality to sweat.
-If it's material that the company doesn't explicitly care about, *but* is regulated to protect the confidentiality (e.g. incidental medical data subject to HIPAA accumulated by a non-medical company), then they would almost certainly put it on a 'cloud' *if* liability were part of the agreement. The rationale being they only care about being sued/not sued. If they don't have to store or audit the data and lawsuits pretty much go straight to the provider, they are very happy. No provider seems to be stepping up to offer that however.
-If it's material that the company explicitly cares about (e.g. future product designs by a manufacturer), no way in hell. If they did outsource, they'd spend about as much money *auditing* their provider as they would protecting it themselves (if not more) and still not being as comfortable, so why bother. They feel the damages they could get through legal channels would likely not offset their opinion of their loss.
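One way to do what the comment above and the earlier "Encrypt First" comment describe, encrypting locally with gpg before anything reaches the provider (an added example, not part of any commenter's post; the function name, paths and passphrase file are assumptions, and it needs GnuPG 2.1+ and `sha256sum`):

```shell
#!/bin/sh
# Added example: encrypt a file locally, prove it decrypts, and only then
# hand the ciphertext to whatever upload tool is in use.
# All names and paths here are constructed for illustration.

sha256_of() { sha256sum | cut -d' ' -f1; }

# encrypt_for_upload SRC PASSFILE OUTDIR
# Prints the path of the verified ciphertext. The object is named after the
# SHA-256 of the ciphertext, so its name reveals nothing about the original.
# The body runs in a subshell, so GNUPGHOME does not leak into the caller.
encrypt_for_upload() (
    src=$1 passfile=$2 outdir=$3
    [ -r "$src" ] && [ -r "$passfile" ] && [ -d "$outdir" ] || exit 2

    # Throwaway GnuPG home: the example never touches an existing keyring.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    cleanup() { gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"; }

    tmp="$outdir/.pending.$$"
    gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-file "$passfile" \
        --symmetric --cipher-algo AES256 \
        --output "$tmp" "$src" || { cleanup; rm -f "$tmp"; exit 1; }

    # Round-trip check: the decrypted bytes must hash the same as the source,
    # otherwise the only copy in the cloud would be one nobody can read.
    want=$(sha256_of < "$src")
    got=$(gpg --batch --quiet --pinentry-mode loopback \
              --passphrase-file "$passfile" --decrypt "$tmp" 2>/dev/null \
          | sha256_of)
    cleanup
    [ "$want" = "$got" ] || { rm -f "$tmp"; exit 1; }

    name=$(sha256_of < "$tmp").gpg
    mv "$tmp" "$outdir/$name" && printf '%s\n' "$outdir/$name"
)

# Typical use (paths are placeholders):
#   obj=$(encrypt_for_upload ./ledger.ods ~/.backup-pass ./outbox) \
#       && echo "ready to upload: $obj"
```

The passphrase file never leaves the local machine and should be readable only by its owner; losing it makes every uploaded object unrecoverable.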

I think VMware has got it right... (4, Interesting)

sco_robinso (749990) | more than 2 years ago | (#38303726)

I was recently at a VMware luncheon with a VMware "cloud" expert. He was probably the first person from a big cloud-services type provider that openly admitted the cloud isn't for everyone, and in many cases, it just doesn't make sense. He went on to explain that it's VMware's position that you deploy your own "private cloud" at your own pace, and whether or not you move to public cloud is entirely up to you. Their whole sell was that their products make the transition from private to public cloud easy, hence you can stay private or move public at your own pace.

This contrasts to some recent Microsoft events I've attended, where they were pushing Azure so freakin hard that one of the Microsoft guys almost literally said, quote for quote, 'if your next SQL project isn't on Azure, you're making a BIG mistake'. Microsoft seems to be of the mindset that between Azure and Office365, it's a hole-in-one business case for every company on the planet, which it's not. They went on to sell their Intune service the same way - 'If you're not a big company that has your own SCOM/SCCM solution, then you're making a mistake if you don't use Intune'.

Bottom line, much more cloud snobbery from the Microsoft guys.

Only if... (0)

Anonymous Coward | more than 2 years ago | (#38303744)

Data is only safe anywhere (mostly) if you use end-to-end strong encryption. Even then, keyloggers can capture your passkeys and gain access to your data just as you do. So, my advice is to NEVER store anything in the cloud that you don't want others to have access to. Facebook and other sites of that ilk are a good case in point.
