Are we safe beneath the clouds?
Today I won’t restrict my comments to any specific cloud application but will comment on Cloud computing as a whole. I’m sure most people will support me when I say that cloud computing has become a major part of our life on a daily basis. From online banking, purchasing items from Amazon, and in daily interactions on social sites like Facebook, Twitter, Linkedin, and Orkut, etc., interfacing in the cloud is common practice for almost everyone.
When we freely share our content, and especially as we buy products through e-commerce, the very first question that comes to mind is, “Is it safe to buy this by paying with my credit or debit card?”
“Shopping” used to be a pleasure. But today, it’s a headache. Yes, I agree that shopping and other facilities are just one click away, but our prime concern shifts back to Data Security. Cryptographers work hard to keep our personal data out of reach from those that have more villainous intentions. Of course, those with less than virtuous purposes are not lazy, resulting in a cold war between “good versus evil”, as one protects the data and the other steals it. Like brilliant cryptographers, hackers can be equally as brilliant. Cryptographers and Cryptanalysts work hard to stop the intrusion, yet over the years, this cycle has increased, leading to the co-evolution of both data protection and data hacking.
Speaking frankly, the security of data is much different from online privacy. While data security and privacy are interconnected, there is a key difference. For starters, online privacy is typically violated by the company in control of the data itself, while data security is often violated by outside parties. While most companies work to protect both data privacy and security, the company voluntarily gives your data over to others…a privacy violation.
On the other hand, if an outside force exploits a weakness in the company’s security measures and data is involuntarily transferred outside the servers, a security breach has occurred. The involuntary and unexpected nature of a security leak is what separates it from a privacy violation. Security is a much more difficult matter, as the best protection systems can be overcome at any time and without notice. Government overseeing this process may be somewhat helpful in protecting privacy, but when it comes to data security, regulation can only pressure companies to stay up to date on security and possess more strategic and well thought out data breach notification plans; it cannot stop security breaches completely.
For example, we all know that our passwords should be secure, and we shouldn’t share them with anyone. But, what if we do everything correctly from our end, but someone else is responsible for messing it up? What if an IT guru at a prominent IT e-commerce firm forgets to flip the proverbial “safety switch” one morning and a hacker is allowed access to sensitive data, such as credit card information, purchase histories or any of the personal details such as phone no. etc.? Though these kind of situation are rare, these situations do arise. This is just one of many examples of the kind of “Data Security Breaches” that are possible. This is a relatively mild example. Thousands of credit card numbers are stolen annually, and instances of identity theft are on the rise.
The Banking sector currently faces many issues. The first issue is that of high technology costs and underutilized hardware. With cloud innovation, banks may resourcefully scale- up operations without additional costs, either on manpower, hardware or software. Since hardware and software are available on demand, the user has to invest in only what will be utilized.
Another issue faced by large banks and their IT Departments is that they deploy expensive hardware, which is then later not utilized. With the cloud, the bank may change its core banking system and not have to purchase additional hardware to support storage, etc.
For smaller banks, it’s not possible for them to use all these resources as it requires large investments. Such Banks can use pay per user per branch to reduce their cost. Another issue usually faced by smaller banks is that it is difficult to get the right talent to manage servers and hardware. By choosing the cloud, that issue is solved.
Whereas there is no doubt that there are some clear benefits of implementing the cloud in the banking industry, the security and compliance concerns for such a sensitive industry definitely have to be addressed in the most thorough manner.
According to a recent IBM report, threats to data security can be divided into four broad categories: “data threats, configuration threats, audit threats, and executable threats.” As part of the report, a table details the twelve ways data can be stolen, as well as common countermeasures to data threats. This is all well and good for an in-house IT department, but in the cloud, how can you be sure that the cloud vendor is following industry standards? Furthermore, there is another general problem with data outsourcing: what happens if the cloud service vendor goes out of business? Who becomes responsible for secure storage and maintenance? These are questions that CIOs must answer before shifting their business onto the cloud.
One potential solution to this issue is strict regulation and standards within the realm of cloud computing, which
is currently done by companies like Salesforce.com, QuickBooks online, Oracle CRM, Intacct, Microsoft CRM and many more. These firms place a top priority on protecting customer data so that we can (almost) say, yes, we are safe beneath the clouds.
Microsoft Dynamics CRM & QuickBooks Integration Demo:
If you liked this article, share it in your favorite social media!
Get in touch with the author of this article Manish Nair.