Cybersecurity can seem like a dense fog that threatens commerce.
Anyone who touches an electronic device has been introduced to the “cloud.” In recent months I have seemingly been surrounded – like a fog – by opportunities, issues and potential problems pertaining to the cloud. Frankly, I yearn for the good old days when all we wanted was a clear sky.
First, the good. For technically challenged folk like me who often screw up something on our home PCs, to the chagrin of screaming family whose priceless file or picture we just lost, I am frequently saved by the backup in the cloud. The ease and speed in which that “priceless” file can be resurrected is nothing short of amazing. Truly there is value to not having to own a separate server to back up data, regardless of how important they are – or aren't.
The bad, at least in my opinion, is that software programs are now hosted more and more in the cloud. This trend has a double whammy impact.
First, the cost of the software is almost always significantly more expensive than in the past, when you could purchase a seat outright. The offset is the most up-to-date version of software will always be immediately at your disposal. That convenience is usually not worth the added cost, however; yet it is becoming increasingly difficult to find tools that are not cloud-based.
The second whammy is “automagic” software updates may not be all that convenient, as the update schedules can no longer be managed. If an upgrade is significant, the unexpected and unplanned learning curve may be extremely time-consuming, and might come right when you cannot afford to invest the time.
It’s the dark side of the cloud that has me most concerned, however, and like most dark things there are multiple and conflicting aspects that make it so. Specifically, I’m referring to data security.
Given recent headlines, from the drum beat of WikiLeaks to the hacking of retail customer and credit databases, the risk is clear that what is transmitted and stored in the cloud may not be as safe as we desire. Clearly, cloud storage of sensitive data is a big concern. Of equal concern is the transmission of data to and through the cloud, even if ultimately it is stored in a dedicated server in your own facility on terra firma! And this is where this problem becomes so baffling.
Most of banking, commerce and manufacturing are pushing the cloud as the host of choice for everything from an individual’s music, pictures and banking to corporate cash management, personnel records and intellectual property. The cloud today is the protocol of choice for most to handle the majority of their data storage and management activities. On the other hand, a growing chorus of “hold on” is being sung by individuals and companies, especially in the defense industry – as well as government – that only want “secure” and “encrypted” systems to be used for data storage and transmission.
The conundrum is, where are those systems and how costly are they to install and maintain?
While talking with a number of people about how to upgrade to a “secure” system for my company, it has become evident there’s no consensus definition of “secure,” and even if the technology is available to achieve it at some level, it will require constant upgrading at a level and speed most cannot digest. It will also require companies such as Apple and Microsoft to admit their cloud-based programs may not be as secure as they boast.
Case in point: You have a secure, well-encrypted server on the premises, with backup in a controlled environment offsite, but the e-mail systems used to transmit data back and forth from customers to subcontractors may be suspect. Or, your cloud-based Excel and Word documents may not be secure. Or, the e-mail encryption might need to be updated/edited/rewritten frequently to stay current – on all systems/servers – in the communications chain. Throw in increased use of password and security codes transmitted as text or voice over cellphones as an added “security,” and the layers of computers in service that are not current technology, and it all becomes almost impossible to manage, to say nothing of safe.
Part of me wishes the solution were as simple as going back to a paper system that does not rely on electronic data being transmitted and stored. Clearly that is not feasible. What does need to take place is for knowledgeable people to first debunk the myths of cybersecurity – what is real vs imagined; what is important vs. just desirable – and then to understand that industry resources are limited. Whatever solution, results must be deemed necessary, not just desirable, to ensure data security can be established and maintained. And the solution must be affordable by companies large and small, not just national governments.
Everyone wants confidence their data, be it family pictures or classified IP, are safe and secure where stored and when transmitted. With the heightened concern over cybersecurity, many private and public sector organizations are diligently working to come up with solutions that will protect what is important. I just hope that, when a solution is developed, common sense is part of the equation. Common sense in what is needed vs. what might be considered ideal. Common sense as to how many layers of communication and storage are involved by commerce and industry when producing a product or providing a service. And common sense as to what is affordable by commerce and industry, stakeholders that do not have limitless budgets.
Hopefully, the pursuit of cybersecurity will not make the “cloud” a fog that threatens industry commerce.
is president and CEO of IMI (imipcb.com);