A few weeks ago, I got into a discussion about cloud computing from an unusual angle. I posted a link advising people to secure 25GB of storage on the Microsoft SkyDrive before they reduced it to 7GB. A friend of one of my friends commented that he did not trust the cloud, hadn’t got into it yet especially for backing up. So I provided some more information to him, which I thought worth sharing here (with a few edits to make it easier to read).
I guess you are specifically talking about personal storage including music storage in the cloud as you are probably using the cloud already for many services on the internet.
Amazon is a big player in this space. Their hosting services are very popular with some of the largest commerce sites.
The Chrome book, a portable computer from Google, is Cloud based – no local storage. Already with us. Google Docs (now Google Drive) is already very popular and many public organisations, especially in the USA, have switched to it as primary provider of office applications and email services.
Microsoft now offer a cloud based version of their office suite.
No, I do not trust Cloud providers to be discreet and treat my data as confidential. Not so much because I doubt the policies and intentions of the larger providers, but because information in the cloud and on the PCs and mobile devices are inherently vulnerable to being cracked. Frankly most personal PCs/devices are far less secure than the large cloud hosting environments. Many people still use passwords that are based on words in human language dictionaries, lists of names of people/pets/teams, etc with stupid character substitutions – 1 for an i – all of which for all of the most popular password hashing algorithms have been pre-cracked and are available for download as rainbow tables. Many people login to free wifi hotspots without using VPN technology (a kid in the same MacD’s/Starbucks/etc can intercept BEFORE https is used and fully compromise everything that follows in an online session).
Some cloud providers use very secure encryption and DO NOT hold the access keys themselves. They cannot look into the files or open them to the government even if they want to. You can store encrypted files yourself (using, for example, truecrypt). So, when and if security matters, there are good options.
I do not mind Google using automated tools to look at the content of my files and email in order to target advertising to me that is more useful to me and which pays for the services. This is the main revenue for some of the cloud storage services. Many earn revenue from conversions to subscription services. The Apple Music Match service is a no brainer for anyone with a substantial music collection including pirate copies as it legitimises it all, gives you the highest quality versions, and makes is available at your convenience. They charge an annual fee for this.
For many people, a very high percentage of their time using a computer is online (social networking, photography, email, news, films, etc) so they might as well use a “dumb terminal” – similarly, many offices now are moving away from using generic office applications over to the very powerful and comprehensive ERP/CRM/MRO etc solutions. A lot of companies are also now moving away from email. So, yes, I can see “dumb terminals” making a comeback. Everything in cycles in IT. People will use their own computers for very specific vertical purposes where very particular hardware/power is needed. Even the gaming industry is moving away from the high-end PC focus now, as most average PCs are more than good enough. The latest major games (which make far more money than the film industry) do not need the top end hardware – in fact, most often targeted to work on consoles first or as well.
I think I have addressed several of your points already. I would add though, with respect to your query “Is cloud the answer?” that Cloud is simply an enabling technology for distributed services (long been considered a preferable approach to localised services outside of very specific vertical purposes). Value of data and risk of being targeted also have to be considerations.
The vast majority of my data is of little value to anyone other than myself and data that is very important to me and/or which could be used to my detriment I encrypt and store using cloud based services. I use open source encryption in a sandboxed environment and no one else has knowledge of the keys (unless they break into the bank vault where important papers are physically secured alongside the instructions to access the data).
Your question “is storage in the digital age secure” is probably too general to be addressable definitively. Leaving aside physical security of the storage media used, it really is down to the security technology and practices an individual follows. The weakest link in most cases is the end user PC (unless an operating system is used with boot disk level encryption and decent length non word based passwords, then all bets are off anyway – given a $50 graphics card can break random character passwords of 8 characters or fewer in seconds and up to 12 characters in minutes on Windows installations, then this is a problem area).
Currently, best practice use of encryption tools such as truecrypt are considered computationally infeasible to crack. If the decoding of information is done at the end user side rather than in the cloud environment and good practices have been followed in the end user environment, then yes, storage can be secure. Encryption technology is regularly updated, cloud technology is advancing rapidly, communications are improving quickly and I would say that regularly refreshing the storage of important data in a secure manner is entirely feasible and practical.
There are currently lots of cloud storage options that are free of charge and the best encryption tools are open source and free. There are syncronisation tools that can take advantage of the cloud storage options to maintain backups / secure copies of encrypted information in several places, including supporting versioning. For those that care, personal data can be very well protected.
That said, you might like to note that I pay for some of my cloud storage including SpiderOak (for encrypted on line storage of some critical personal files) and Lastpass premium (to create and maintain my passwords in the cloud). My most important accounts all use two-level authentication and the information in Lastpass is not sufficient to get this protection turned off (I trust Lastpass local encryption, believe the company does not have the means to open my data themselves, and protect their code well BUT their solution is not opensource and therefore has not been subject to public scrutiny – a constant debate in their forums).