Locaweb Blog

Using the Cloud Risk-Free

by Gilberto Mautner

Currently, the business use of Cloud Computing is surrounded by controversy. Its supporters and opposers are up in arms about whether it’s secure, whether it’s just hype, and if it’s here to stay or not. In my opinion yes,it’s here to stay. But there are some opposing arguments that are relevant and valid.

Where I disagree with the opposers that are rightfully worried is that, contrary to what they think, the problems associated with Cloud Computing are solvable and don’t preclude it’s business use. On the contrary, it is exactly by taking these worries as a starting point that we can be more secure relying on this new way of working with computers.

1. Risk of data loss: “If the cloud provider loses your data, you’re toast”. It’s true. But it’s a risk that’s always existed, even in traditional computing environments. And the well-known solution is the same in both cases: backup. When you place your data in a server inside your company, you back it up frequently for safety. All you have to do is to keep backing up data when you put in the cloud.

Most applications give you tools to make these backup copies. E-mail providers, for instance, usually give you access to your messages via the “IMAP” protocol. With it you can replicate all of the messages and folders that are stored in the server to your local machine, using programs such as Microsoft Outlook in Windows, Mail in Mac OS, or Thunderbird in Linux. IMAP is an open standard, and in this case it is highly recommended that the provider offer a secure mode (usually by enabling the “Use SSL” option in your e-mail client program).

Obviously other programs in the cloud will use different methods. For instance, when using a “cloud server”, which is usually offered by service providers using virtualized platforms, it is recommended that you keep local versions of the software that is running on these servers, which may also be achieved by using open standards such as “git” and others.

2. Risk of data leakage: This took the scene recently after events involving Google in China. Here, the controversy is also undeserved: The risk in the cloud is exactly the same as when the data is stored locally on any one server or computer. The use of “weak” passwords is the number 1 culprit. Both for data stored in the cloud and inside your company, you will always be at risk from the use of weak passwords. It seems unnecessary in current times to tell people not to use passwords such as “1234″ and other less known but equally dangerous variants, but they all still hold the door open to ill-intentioned parties. Birthdays, initials, spouse and child names, etc. are equally dangerous. To be safe, you should mix symbols, upper and lower case letters, and numbers. The brain is the safest vault, but a well-kept piece of paper (never use electronic files) helps, as long as it’s not under the risk of leakage by persons physically close to you.

There are also leaks that are caused by user PC vulnerabilities. Those affect data in the cloud as much as they affect data stored locally in single machines. This is how it works: First, your operating system becomes outdated, that is, it hasn’t had the latest “updates” or “patches” applied to it, either by negligence or because of the use of pirated software. Then, for whatever reason you open an unsuspicious attachment received through e-mail, which installs “keylogger” software on your computer, which in turn records all the typing that is done on the computer, and sends it to the malicious party. No matter whether the login information captured is from your company’s ERP or from their personal e-mail account, they are vulnerable from that moment on. What should you do do avoid that? Always install operating system updates and patches recommended by the software manufacturer. Usually, the exploited vulnerabilities are old, since it is easier for hackers to use “tried-and-true” techniques than to research new openings. In other words, if the media reports on a new security hole in operating system X or Y, don’t panic, but don’t delay making sure that you’ve updated your system (usually, the solution is quick and automatic updaters will notify you when there is a new patch to apply to your system).

3. Risk of unavailabiliity: Yes, cloud providers may go offline. It happens to everyone. But once again, it’s not a “privilege” of the cloud. Reliability issues are common in company internal IT infrastructure. What makes an environment stable then? Controls and processes, and acronyms little known to the general public, such as ITIL. What is amazing about these alegations is that these are models that are already well know and established in the IT world, and that are available to cloud provider systems administrators. What you should do in this case is select providers that can at the very least prove to know as much as you do about these techniques. Since they are focused on this, it would be expected that the service providers have a vast experience in this field. Again, it’s the same as with traditional IT setups.

What this all means is that Cloud Computing isn’t a miracle solution for all problems, and that the same care that is taken when using single-machine configurations should be taken when using clouds. Backups, password protection, proven operating procedures, everything applies just the same as before. Behind the “cloud” are computers, just like people use at home or in the office. As such, the precautions taken should also be the same.

By using Cloud Computing with this in mind you will be able to take advantage of of the economies of scale, constant updates, modern interfaces, practically limitless, on-demand growth, and everything else this amazing new (well, maybe not THAT new) Cloud Computing frontier has to offer.

Enjoy!