You have heard the warnings about cloud computing: “do not trust the cloud” “tech giants are trying to keep your data hostage” “you are no longer in possession of your own data.”
When managing sensitive content in the cloud, you’re relinquishing control over that data and handing it over to a third party. This may be a hard pill to swallow for some companies, especially when it comes to proprietary information. A number of the concerns regarding data security are justified: in the last few years, we watched Sony, Target, and Ebay suffer massive data breaches, not to mention the notorious Heartbleed bug that’s still on everyone’s mind. So if multi-billion dollar companies are still vulnerable to attacks, do small and medium sized companies even stand a chance?
If your data is on a local intranet then, in theory, someone on the internet cannot access the server. This is the “security through obscurity” belief which suggests that if hackers can’t see the code, then it’s harder for them to find ways to break it. But that philosophy is flawed. As Technical Architect, Rex Morgan illustrates:
"Security through obscurity would be burying your money under a tree. The only thing that makes it safe is no one knows it's there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you."
Similarly to cloud computing, open source software has always gotten the bad reputation of being a security risk, especially in its early development. But that perception loses validity when you look at products like Linux, for example, which is one of the most secure operating systems in the world and was developed using open source code. The real strength of an open source platform is in its community: the more people looking at the code, the higher the chance of spotting flaws and fixing them quickly. This is what’s missing in the “security through obscurity” approach.
Cloud computing has come a long way since the 90s: today it’s just as secure, if not more so, than local intranets. It’s thanks to hackers and the community of developers and testers that cloud providers are able to continuously improve on security: the cloud is so easily accessible online that millions of people can look at the framework and find the vulnerabilities. Essentially, cloud providers open themselves up for security risks, let everyone take their best shot and then they go in and fix the holes. Over time, the community helps to harden the framework and eliminate the risks. There are even companies like GitHub, who create bounty programs to openly encourage people to try and hack into their servers and report the risk for a cash reward.
In terms of ownership, with cloud computing you are only giving up possession of your data in the sense that it’s not stored on your local drive. The benefit is that the cloud provider looks after the maintenance to ensure that you don’t lose any of it. As much as you are giving up control, you also give up the responsibility of ownership. For some companies that’s a negative, but when it comes to cost and risk management, it’s a significant advantage. Managing and maintaining a server is a huge, ongoing cost and requires an entire team of experts. With cloud hosting, you share this cost with all of the other people using the service. This is critical for both small and medium sized companies that want to protect their data but can not afford the investment of private servers.
At Solink, we offer both on-site and cloud hosting. This ensures that our video discovery solution is deployable regardless of the compliance issues that may restrict off-site hosting options.