MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Cloud and Security- A Never-Ending Debate

We would like to firstly thank for the over-whelming response our recent post Journey to Office 365 – Emails in cloud!!! got. We also received some mixed responses based on Prism disclosures. This post is more about delving deeper into the “Prism disclosures + data/email in cloud”.

We live in a world of “Big Data” where all we encounter is massive data explosion from diverse sources where peta, exa are no longer relevant but zettabyte is. With “Internet of things”, there is an amplified connectedness of everything. We no longer have data management as a major concern but more as a focus area for corporate strategy.

The world has been ramping up in all facets of marching towards a digital economy empowered with social, mobile, cloud and big data. These emerging trends are disruptive and game-changers for the world, presenting a whole new face for doing things. While they get many dynamic and powerful capabilities they also present a huge gamut of threats. As they say, with every new technology, security is always at a bigger risk. This report chronicles the major trends observed in 2013 per se “Threat Landscape 2013”.

We need to revisit the data management strategies from a security standpoint far more pro-actively to withstand/fight back any attack.

With recent announcements by NSA (National Security Administration), should consumers get panicked about placing data in cloud/enterprise service provider?

Cyber-security has always been a concern and will remain so forever. Times have gone when it was more about fighting it out once the situation prevailed. Today its more about deterring such efforts.

With reference to some key citations few months ago by Edward Snowden which stated that NSA used decryption techniques for cracking Secure Sockets Layer Services (SSL) and Virtual Private Networks (VPN).  These decryption techniques would certainly not be any different from what a hacker/potential threat would be able to use. The decrypting techniques used and employed on are purely from a security standpoint and more towards – preventing and detecting “anti-terrorism”.  They are used towards specific instances and circumstances which give/pose a potential threat. NSA officials are certainly not interested in knowing the personal/corporate affairs of any individual/enterprise. This law isn’t meant for normal citizens.

We may then think- so how much and where all is the government having a visibility in our data, is the government watching me?

For any enterprise, a customer means a huge deal. Having said that, all enterprises, am sure will place a good amount of priority on “Privacy”. Enterprises and we are legally binded for/by the law. So it goes without saying that PRISM initiatives are meant for legally authorized targets who need to be intercepted. The government uses only Section 702, to acquire information which is very specific and defined per se, Foreign Intelligence Surveillance Act. While this link will give a better idea about the range and category of requests on major technology companies, we think that it will still be ideal if there is more transparency for everyone.

These are matters of significant weight, thus we are sure that enterprises understand the significance of complying and dealing with such requests.

The link indicates the level of transparency enterprises want to give to consumers. While government is quite right in driving these initiatives, a lot of emphasis has to be also given to the approach taken to execute this with a major priority in establishing “transparency” between enterprises, government and consumers. It does demonstrate complex legislation to charter the extent/boundary of invasion in situations of doubt.

As consumers who believe on any reliable service provider, we think it will be of paramount significance to have the transparency to their data- when the government does turn up to enterprises for information, how much does an enterprise can/will share?

So again coming back to the same question- should consumers be worried about data, the answer is always YES.

The techniques used by NSA are no different from what is/will be used by potential threats. What consumers do need to worry is about those threats/criminals who can cause havoc. Hacktivism exists everywhere- be it cloud, mobile, on-premise or off-premise.

The PRISM initiative will help in identifying the masked threats before they can cause a damage. Security, encryption and hacking are dynamic arenas, we need to constantly battle it out. Risk is no more a state of management but defense management.

Internet and technology have created unmatched opportunities for business and users making the world a “global village”. Technology has not just made the world a smaller place with globalization but also strengthened terrorism directly or indirectly- a digital menace. It also in a way, facilitates anonymity for terrorist initiatives to coordinate and integrate attacks.

Today it is significantly prudent to monitor and shelve initiatives that support/facilitate terrorism, which happens in virtual networks. The networking of terrorism in today’s information age is beyond borders in their borderless horizons.

We are sure, we want to have a normal life where we wouldn’t want to think once if we want to take our families to a movie/park thinking if its safe or not! We wouldn’t or lets rather say, cannot imagine uncertainty in our lives for leading a normal life where simple pleasures have to be calculated.

Also, we need to understand diverse elements that are involved. Looking back over the years, the evolution of human species has been incredible and aggressive. Since the Stone Age, human beings have been aggressive – protecting/fighting with sticks/stones till massive nuclear arms today. With the intellectual evolution, aggressive evolution has also happened. Aggression is a trait- can been shaped and targeted, depending on the mental state of a human being,  engaging in different formats. Debauching a human mind is one of the easiest things. Technology is very powerful. Depending on the intentions, it can have positive and negative outcomes. With NSA, we need to develop/have the perspective that the intentions of NSA are to protect us not harm/manipulate us. What we also hope is that the government can build a thorough transparency in the defence mechanism amidst consumers, strengthening the trust.

Regards

Anita

Technology Evangelist

Team@MSExchangeguru

6 Responses to “Cloud and Security- A Never-Ending Debate”

  1. Adam Says:

    Per NSA PRISM documentations, Public Cloud servers such as Office 365 servers have Backdoor Access.
    Also per NSA PRISM documentations, Microsoft & Google have given encryption key to NSA.
    The cat is out of the bag 🙂

  2. Amit Says:

    Hi Anita,

    Looks like MS is taking this issue now seriously.
    http://windowsitpro.com/security/microsoft-joins-war-against-nsa?NL=%28News_WIN_JH_CloudVirtualizationUPDATE_16Dec2013%29%20Batch&E_ID=7898138&NLL=3474

  3. Adam Says:

    @ Amit
    This is very true today:
    “The NSA’s efforts have seriously hampered any belief that the Public Cloud can be a profitable business anytime soon. Enterprises are now focused solely on architecting Private Clouds and it will be a very long time before the Public Cloud will become a real opportunity. A Private Cloud eliminates the connection between the on-premise datacenter and a Cloud hosting collective. It also ensures that company data is retained, controlled, and managed within the corporate structure instead of trusting it to the wilds of the Internet where the NSA is constantly creeping.”

  4. joe Says:

    I agree with Adam.

  5. Patel Says:

    Adam is Correct.

  6. Moe Says:

    Adam is 100% correct.

Leave a Reply

Categories

Archives

MSExchangeGuru.com