There seems to be a lot of confusion these days about what cloud storage is and what it’s capable of, especially since its use has become so widespread. It’s rapidly expanding into every facet of our lives, but the question remains as to whether security protocols have managed to keep pace.
“Just about everybody used cloud storage in a certain sense,” said Eric Neufeld, a professor and head of the Computer Science department at the University of Saskatchewan. “Essentially, it’s a great big hard drive out there that you can plug into your computer.”
For anyone who understands the basic concept of the Internet, cloud storage is simply a set of online servers that are used to store information. Some easy examples include email servers such as Yahoo, Hotmail, or Google Mail. Then there are servers specifically designed for information storage, such as Dropbox, iCloud, and Google Docs. Metaphorically speaking, these types of software are basically locked filing cabinets that use usernames and passwords as security keys. “Online” just means that they can be accessed on any computer with an Internet connection.
Because of the characteristics of the Internet, the amount of storage space a user can have is only limited by the number of servers at his or her disposal. Obviously, this creates virtually unlimited potential for storing information and carries great potential for institutions with high volumes of information. Take, for example, hospitals: thousands of patients’ information can be neatly categorized and accessed at the touch of a finger. Research facilities can log data and process it all in a fraction of the time it used to take. Any and all organizations can and do use cloud storage for numerous applications.
Beyond these wondrous possibilities, however, there lies an unsettling reality: lack of proper security.
“There are tricky political issues. For example, here at the university, there are some relatively rank and file professors who might be doing research for corporations and governments and they may be under a restriction to make sure that wherever they’re storing their data isn’t susceptible to hacking,” said Neufeld. “It’s possible to hack into Sony Pictures. Tou might have even had your own account hacked at one point or another. There are a lot of institutions that are taking the view that the smartest thing to do is have their own massive internal storage facility as opposed to storing information on cloud and being vulnerable to someone else.”
According to the article “Storage Complexities” in Connections magazine, there are two different types of data: structured and unstructured. Structured refers to information that would get logged into databases. Unstructured refers to human data such as documents, presentations, audio files, web content, etc. Both types of information contain two types of risks: access to private information and access to sensitive information.
Neufeld referenced Sony Pictures, which was hacked into not too long ago and had sensitive information that was breached and released into the public, causing quite a bit of professional damage to certain people. Then there are the celebrities whose personal accounts are hacked into, after which private information such as nudes and inappropriate videos have been released into the public realm.
It’s not enough that sensitive information is accessible once it’s online. The next issue is that once it is, it gets backed up onto multiple servers, making it nearly impossible to eradicate from online once it’s on there.
“Let’s talk about a family photo album. If you want to store it on the cloud, great. You don’t have to worry about the room getting flooded and the hard drive getting water damage. It’s on the cloud; it’s as safe as can be,” said Neufeld. “They will have so much redundancy so it’s almost invulnerable. The problem is once it’s on the cloud, as many celebrities have recently discovered, someone else can break into it.”
Following those risks are the issues of security protocols. One country’s might differ from another’s, but what happens when the servers of one cloud storage software are used internationally? Which country’s laws should apply? Currently, the United States government is facing backlash for the spying accusations leveled against the National Security Agency (NSA).
“Suppose some administrative software was being hosted on American servers,” said Neufeld. “There may be communications that may expose faculty work that is security sensitive to organizations in other countries.”
Despite all these variables, Neufeld says the cloud is still a very viable option. It’s inexpensive and has numerous benefits. People should just be cautious of what kind of information they put on there and what types of risks there are.
“It does open it up to that kind of cyber attack, but on the other hand, something like a bad rain could destroy all your information as well,” he said. “It’s a kind of reward versus risk situation.”
There is nothing yet that is completely risk-free. The best people can do is weigh the pros and cons and decide for themselves what their best options are. For the average user who doesn’t have vitally sensitive information, they can simply use their common sense to put information online that they don’t mind risking becoming public. For the average company or organization, there is usually more convenience when compared to risk, especially if the information is useless to anyone but the intended parties.
“I think in five or 10 years, most of us will have a vast amount of information banked on the cloud,” said Neufeld. “I think it’s going to grow. People seem to like it and the development of security protocols will improve. This is just something that takes time to work out and I expect it to increase dramatically.”
