Back in my first IT job, a top-notch network security guy was asked about keeping computers secure (we were working for a Navy contractor and this was at the dawn of the modern browser based internet in 1996). He was an expert in everything from Slackware to Frank Zappa to Algorithm Design to Submarine Embedded System Hardware. He half laughed and then drawled with a straight face: “Want to keep a computer secure? Don’t connect it to a network.” Even before the internet became popular, this was not an option.
Computers are great collaborative devices, but as collaborative devices they need to be connected together in easily customizable and unanticipated configurations. The only means of communications between computers before the advent of the computer network is somewhat derisively referred to as “sneakernet.” The advent of the wired network as a means of communication marked the demise of the primacy of sneakernet, but it also catapulted data security concerns to the top of the list in every IT shop. Physically securing computers behind a locked door was no longer an option.
When all the hype boils away, the cloud is really just an evolution of the network: computers wired together with other computers exchanging information. When modern, self-contained networks were connected to the World Wide Web, a new class of security issues was born, and this is the same class of issues that are present with cloud-based applications. That is the key point here. The mechanisms protecting your data on the cloud are the same class as mechanisms protecting your internal IT resources that are connected to the internet. The difference is that cloud providers can leverage economies of scale to purchase best-of-breed hardware, manage and maintain it with top-tier technicians and have a staff of people whose sole job it is to monitor and plan for security issues.
As a matter of fact, it is not really an exaggeration to say that the sole purpose of cloud providers is to provide secure computing resources for its customers. Cloud-based applications are subject to the same security risks as any application that is connected to the internet. The nature of cloud computing, however, mitigates against the successful exploitation of these risks because of the quality of resources that are enrolled to protect data against these exploits.
The best way to secure valuable data truly is not to connect the computer to a network, but at the same time you have removed the value in that data by not making it accessible to any other applications. Once you have connected that computer to a network, it can’t be much safer than to be housed in a cloud-based environment.
The same network security guy I mentioned earlier had an equally whimsical but somewhat more practical observation about the eponymous “Paperless Office Project” that I am sure most IT veterans of a certain age have all been part of at one time or another. He would look like he was going to wax philosophical, put on his profound face and say, “You really want a paperless office? Get rid of all the dang printers.”
Eric Helfrich is AffirmX’s IT guru. For more information on AffirmX’s cloud-based solution, click here.