I’m often asked to comment on cloud security but it’s hard to generalize when no two clouds are the same. The security of a particular cloud provider really depends on its hardware, software, back-end implementation, and diligence and competence of the staff.
As an outside customer you generally have to trust that a vendor has implemented their version of a cloud properly and as they describe. The stability and reliability of cloud infrastructure has recently been tested with two significant data losses occurring in the last week or so.
First, the servers that support the SideKick cell phone, manufactured by Danger, Inc, had a major failure. Users who need to restore from the server found that they no longer have any of their data. Microsoft, who now owns Danger, recommended that users do anything in their power from having to restore from the server while they try to recover the system. As of Oct 20, Microsoft has released information on how to restore user’s contact information, with other information such as photos, notes, or to-do items still not recoverable. General repair information is in this Microsoft Announcement.
The second major failure was from SwissDisk a cloud storage provider that seemed to lose ALL user data. This was reported by The Register, with strangely no hint of a problem on the vendor’s website. It would appear that SwissDisk is asking users to re-upload all data to their system since they have ‘outsourced’ to a new cloud provider, presumably deciding not to use their own hardware anymore.
Many people believe the cloud to be an infallible platform for complete corporate infrastructure outsourcing. In reality, a provider needs to be carefully selected for their infrastructure and disaster planning. It suddenly feels like clouds can fall as easily as the corporate servers that they are replacing. The moral of the story is that “Cloud Providers Matter”, so make sure you learn about the company housing your data.