I have a question. How secure is google drive? I recently learned that some of the local school districts use google docs and google drive, having the students (as young as elementary age) do work in google docs and then post it in their google drive. There is nothing sensitive here in the manner of financial information or industrial secrets. I'm sure, though, that none of these students would want their awful 8th grade essay, or journal account of some personal experience, trotted out later when they are 26 and looking for a job - or a date. The parents are not asked to approve storage of their students' work in the cloud, and sadly the teachers I have spoken with seem to have no understanding at all of what the cloud even is. They had no idea the student work was stored outside the school building, much less outside the school district.
Am I being paranoid, or is there a legitimate concern here?
I would look at Google's terms and ownership of the content that is placed out there.
cloud infrastructure tends to grant more layers of security than does the average in-house i.t. infrastructure. cloud providers usually dump more revenue into the process of maintaining their servers and the edges of their networks. in addition to the general superiority of their technical controls, they also benefit from dedicated physical security, complete with clean server rooms, locks, biometrics, and "defense-in-depth".
the internet has more-or-less relied on cloud technologies since its birth; only in the past half-decade has the "cloud" become a marketable buzzword. the only novel aspect involved is the fact that providers have realized how much they can profit from p.a.a.s./i.a.a.s./s.a.a.s. subscriptions, while other companies small and large benefit by outsourcing services and transferring risks they would normally have to handle in-house. financial losses would have been greatly mitigated if more people had established parity of their data during 9/11 through cloud technology. additionally, it should be noted that cloud networking has provided a reliable means of preventing denial of service attacks.
the biggest issue involved in virtual outsourcing is that cloud providers must typically ensure privacy for their clients, which means that prospective clients have fewer resources for performing risk assessments. you can't always know the specs of a server or the traffic in your virtual network when so many other user activities go on there. that's what makes migration to the cloud so counter-intuitive.
it's disheartening when such a large chunk of cloud intrusion detection must depend on client-side reports.
veering into more political territory, law enforcement doesn't necessarily need a warrant to pressure a cloud provider into forking over your information. if you're really in the mood for tin foil hats, there's also the risk that your cloud provider may decide to analyze your data to extract meta-data. or worse, sell it off to an interested party like that of an intelligence agency.
on the bright side, the cloud seems to be provoking end-users into actually reading their terms of service. ffs, [MENTION=8936]highlander[/MENTION] could implement a clause into typec's terms of service about how all new users must grant [MENTION=8936]highlander[/MENTION] custody of their first born child and nobody would know the wiser.
edit: risk management really boils down to the question of what you're going to store or develop. if the price of the data probably outweighs the cost of the surrounding control framework of your provider, don't put it in. if it's top secret or confidential, don't put it in. no need to pull a hillary clinton.
