Apparently January 28th was the annual Data Privacy Day in commemoration of the 1981 signing of international Convention 108 which was the first legally binding treaty to deal with data privacy and protection. The “holiday,” led by the National Cyber Security Alliance, is a nice reminder that security is not exclusively a cloud issue. Unless my timeline is way off there was no cloud computing in 1981. Yet misconceptions about cloud security continue to be the top issue concerning the Cloud.
The truth is security is a real issue with cloud computing, but not anymore than with traditional modes of delivery. So why is this perception that cloud presents more risk for data privacy so widespread?
Part of it is that there is a lot of information in this regard put out in the world by on-premise and traditional computing stakeholders protecting their territory. But a recent article at cloudtweaks.com says there might be more to it than that. By nature an in-house system has practically zero connection to the internet at large, while cloud systems exist in a digital world that virtually everyone on the planet is connected to. At first glance it seems like the in-house system is more secure to most people. But let me present an analogy.
Imagine that data is a wallet. Now imagine two cars. Both cars have a wallet left in them. But Car One (the on-premise car) is parked in a garage. The garage is locked but the car is not, and the wallet is sitting in the center console. Now, Car Two (the cloud car) is parked out in the open in a driveway, but the car is locked with the alarm set. And the wallet is stowed in a locked glove compartment.
I admit there is something reassuring about having the car in the garage, but the car in the driveway is protecting the wallet just as well if not better. And if we imagine the neighborhood watch as the cloud service provider there are eyes on the data at all times.
Now you might say, well why don’t we just set the alarm on the car in the garage? As talented as in-house IT might be, they usually don’t have the resources to monitor every line of data 24-7. But that is precisely a cloud provider’s bread and butter.