Moving your applications and data into the cloud presents a paradox when talking about security. A recent Thales survey found that over 60% of respondents thought that the cloud provider was responsible for protecting their sensitive and/or confidential data. And over 50% said they didn’t know what their cloud provider does to protect their data. That’s a substantial area of unknowns and the reason I said this was a paradox – you’re moving your systems into the cloud for the possibility of less security!
Why is this important? Because many PaaS/IaaS solutions involve putting your beloved data out there where you have less control and security. Witness the new default in Windows 8.1 of setting your Documents library to SkyDrive as the default write location. And apparently the contents of files are not stored locally, only the metadata – it looks like the file is local, but only the info about the file is kept locally. You will need to specifically right-click a folder and set it to be available offline if you want a local copy. Stub files or reparse points do the magic in the background.
But this is a serious departure from traditional cloud sync apps for desktop users and requires a certain ( heavy ) reliance on a good quality internet connection. It also requires heavy reliance on the security and confidentiality of the cloud provider, something that is likely ( and has been proven ) to be in short supply, as can be gathered from recent spying allegations, media reports and lawsuits.
There is the probability that American companies are specifically being caught in broad-ranging requests for customer/user data. And there are reports of the UK following a similar pattern. So the question to ask is how secure do you feel about the confidentiality of your data when stored with a cloud provider. I think this particular issue is going to be shaped by the events around government laws and data interception in the next few years. A word of warning: everything on the internet is available for anyone to see.