As a law firm, you understand the importance of keeping client information confidential. This has been the cornerstone of the industry for centuries. But over the last thirty years our creation of information has gone increasingly 'digital' and is now reduced to "ones" and "zeros". It has become Data, and Data has become "Big Data".
The cost of protecting this Data initially was expensive as firms had to invest in large technical infrastructures, and teams to support them. But in 1999 this all changed when Salesforce.com developed the idea of providing application services via a simple browser. Of course the concept of 'Cloud computing' was borne far earlier (in the 60's in fact), but the thing we call Cloud today is only really around 17 years old. So is 'Cloud Computing' Secure'?
Is 'Cloud Computing' secure? Answer: Yes
Those involved in developing Cloud solutions have from the outset built their systems and facilities following a concept which is known as 'Privacy By Design' (PbD). This concept looks to ensure that organisations embed it into the design specifications of business processes, operations, physical and technologies. PdB means thinking about privacy from the start and building it into the design and architecture of all new systems and processes.
Cloud providers have understood the importance of Security from the outset, and its principle concepts of;
- Confidentiality – Keeping information secure;
- Integrity – Ensuring you can trust the information and that it is reliable; and
- Availability – That the information will be there when you need it.
Cloud providers therefore invest heavily on technical infrastructures which you and I are shielded from. This includes many technical and non-technical processes, like 'Firewalls', 'Intrusion Prevention Systems' (IPS) and 'Intrusion Detection Systems' (IDS) and pro-active monitoring.
From a non-technical point-of- view, Cloud providers invest heavily into ensuring their services will go uninterrupted through the use of Uninterruptable Power Supplies (UPS) and generators. Both technologies ensure power is supplied in a constant, uninterrupted manner. No need to fear from a short drop or spike in power or a complete power failure.
And they invest heavily in training their people who support you 24x7x365, on the very latest technologies and threats in the cyber world.
'Cloud Computing' has certainly given us the benefit of a secure data environment.
But are YOU secure? Answer: ???
To ensure we have strong security we must not only rely on technology to protect us (which it clearly does). Rather we should ensure we have strong operational processes in place, backed up by trained people who understand the need for data protection and informational security.
Cybercriminals understand that trying to breach security of these Cloud providers is often difficult, so they now focus their attention on the devices that are attached to it and can give them access; the target is you and me.
What we need to remember is that the target is not 'The Cloud', it is the data it holds. And the fastest route to that data is not through the Cloud, it's through the businesses that connect to it, it's through the human element. It's through you and me.
There is no such thing as '100% secure', because people are fallible. The only thing we can be 100% confident in, is our own ability to look at security from all angles; both technical and non-technical. We need to invest in 'Protection by Design' and embed protection into ALL our systems and operational practices. 'Cloud Computing' as a concept is secure. But are you? We all need to answer that question; It's down to you and me.