RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Data Breaches in the Cloud: Who's Responsible?
From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Tue, 2 Sep 2014 09:29:13 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (91 lines) 
On Wed, Aug 27, 2014 at 9:04 AM, PeterK <[log in to unmask]> wrote:

> Data Breaches in the Cloud: Who's Responsible?
> The cloud multiplier effect means data breaches in the cloud are increasing
> -- and becoming more costly. With so many states and localities opting to
> host their data there, what happens when breaches occur?
>
>
> http://www.govtech.com/security/Data-Breaches-in-the-Cloud-Whos-Responsible.html
>

I guess THIS was a rather timely article, given the announcements this
weekend of the "private" photo releases of many celebrities.  So far, all
reports tie the releases to content that was stored on iCloud, and in MANY
CASES, stored there long ago, and later deleted by those whose devices were
synced to the iCloud "service".
http://www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hacking-and-nude-celebrity-photos/

One thing this points out is even if you delete content on a device, if it
was backed up (by a sync) to a remote storage system, the earlier content
is NOT deleted by a later sync.  Aside from what was mined and released,
this means that content intentionally stored that a user assumes has been
deleted retains a 'digital footprint' that you are continually charged
for.

Granted, that's NOT what these individuals are concerned about here, but it
begs a question for those storing business content with a cloud service
provider.  Is what you're paying for what you THINK is there, or are you
paying for TB of "ghost data" that was never deleted?  And how to you check
what's there without doing a complete "data dump" and reviewing the
content, then starting all over?

I know this is what I do with my home content.  At a 'starting point', I do
a complete backup of EVERYTHING on the system, then using a routine
(Retrospect, Time Machine, etc.) I do incremental backups at a set time
frame. Once annually, I start fresh... on an independent drive, I do a NEW
complete backup of everything, then start incremental backups again.  This
way, there's no question what is there is what I have stored on my active
system and no data that was intentionally deleted between increments of the
backups.

Easier said than done for a storage system you have no controls over, other
than whatever your SLA and Contract state.  But if you can't periodically
verify/validate what's there is what you THINK is there... how do you
'test' the quality of your services?   For me, the major concern is not the
primary data store the service provider is managing AT THE TIME you begin
your agreement- it's the replicated copy (where is THAT stored and who
controls it; the primary vendor or a third party to them you have no
contract with).  Also the backups of that primary data store.  Where are
these, and who controls them?

The whole thing with "cloud services" is for them to be financially
effective, they must remain "agile"... they either buy additional capacity
form others when they need it, or they sell capacity to others when they
don't.  And these parties they buy from and sell to are entities you have
no control over or contract with... and THEY in turn buy/sell capacity as
they need it.  So no telling WHERE your content is and WHO is responsible
for it.

Here are some "fixes" suggested for personal cloud services you may want to
take a look at
http://www.zdnet.com/after-alleged-icloud-breach-heres-how-to-secure-your-personal-cloud-7000033177/

Ironic to me was the comment issued by Apple following the announcement of
the source of the leak... it went something like: "You only have a certain
amount of reasonable expectation of privacy with any information stored
anywhere except on a device you control yourself.  The best way NOT TO HAVE
your information compromised is to NOT STORE IS ANYWHERE else."

Hmmm... okay, you PAY for a SERVICE, but the SERVICE isn't provided...
where SHOULD the liability lie????

YES, I'm a HUGE supporter of Apple products and services... NO I DO NOT
have an iCloud account.  In part, this is why I'm dreading the next
"upgrade" of iPhoto, which as presently being discussed is pretty much
requiring storage in the iCloud for your images.  I'm thinking this is
going to HAVE TO BE optional; not mandatory.

Larry
[log in to unmask]

-- 


*Lawrence J. Medina Danville, CARIM Professional since 1972*

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2