"Nobody understands the cloud," says a lead character in the summer comedy Sex Tape. "It's a mystery!"
And with that, popular culture has now exposed a fundamental knowledge gap in the ordinary consumer. Even though our smartphones are set up to auto-save pics to our online accounts, we enjoy hours of streaming videos and music, and we regularly use online email, a lot of people don't know where all this information is stored. They just know "it went up to the cloud".
Helping a typical employee understand the cloud can go a long way toward protecting sensitive data and keeping files in house, where they belong. This article discusses the cloud in plain-speak and may be a good tool for your next security awareness training session.
What is the cloud?
You probably hear about "the cloud" frequently and think of a single, huge computer that holds trillions of files. Actually, the cloud refers to some company's network of data centre servers that's accessible to consumers and organisations via the internet. Amazon has its own cloud; so do Apple, Google and a lot of other companies. "The cloud" is a generic term to describe whichever company's network of servers to which you connect.
A company can also create its own cloud by leasing space on another company's cloud. For example, Company A wants a cloud for its customers, so it pays a monthly fee to Company B, a cloud provider. Company A's customers use the cloud, unaware that their files are actually stored on a different company's server. It's a common practice nowadays, and both Company A and Company B put measures in place to protect that data. (More on that later.)
What is the cloud used for?
The cloud makes sharing documents, photos and pretty much any type of file easy, using any device running any operating system. All you need is an internet or cellular connection. But the power behind the cloud is storage and Everything as a Service.
Special servers in a company's cloud do nothing but hold data. Lots of data. Think of your own computer, which probably holds upwards of 500GB of data. Compare that to Microsoft's cloud servers, which hold a combined total of more than 400 petabytes. That's like 100,000 hard drives and that's just one company's cloud resources.
Whereas some clouds are built mainly for storage and sharing, such as Box and Instagram, other clouds deliver services. The services are typically sold on a monthly or annual subscription basis; others are free. Three common services are Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
SaaS covers a lot of territory, such as online email, word processing, customer relationship management (CRM) software, software development management, content management and much more. Google Gmail is one example.
With IaaS, you get a virtual server in the cloud, on which you can install and run applications just like you would on a physical server in your office. It has everything an ordinary server has: Network connections, storage and so on. The cloud provider owns the server, which runs within the provider's IT infrastructure, and is responsible for making sure it runs properly. This eases the administrative burden for companies and saves them money.
PaaS is the most complicated, and provides an entire platform on which a company can build and test applications, manage huge databases or run a very large website.
Why is storing documents all over the cloud bad for business?
With services such as Microsoft OneDrive and Dropbox only a click away and offering up to 15GB of free storage space, it seems reasonable to use them for holding work files, especially if the company's server is frequently down or not accessible. However, storing files in any location other than company-sanctioned servers makes those files difficult for IT to find and track. It poses a big security risk, too.
Remember, IT is responsible for the protection of all company files. If you save the only copy of certain files offsite, IT can't do its job. If the files are lost or stolen, and contain sensitive or confidential information, you could very well be held responsible and face disciplinary action (at the least). Unwanted disclosure could also cause a major catastrophe for your company, and you don't want to be the person with that weight on your shoulders.
It's also difficult for coworkers to access offsite files when and if they're needed in a pinch, which is likely to occur when you're on vacation or otherwise unavailable. It's just not a smart practice and it's bad for business.
The level of security offered from one cloud provider to another differs as well. Not every provider has the best track record as far as keeping out bad guys who find new and interesting ways to breach servers every day.
A word about products disguised as 'The Cloud'
Now that we've covered the cloud proper, you might also explain to employees that the cloud is a great selling point for some companies that manufacture local storage. These are typically external drives that connect to a computer or router and let you access files whether you're home, at work or across the world. With up to 2TB of space, such drives are popular for storing videos and music, then streaming those files to a home entertainment system or other home computers. They're often pitched as a "personal cloud," too.
Well, yes and no. They're local storage that's accessible over the internet, with some bells and whistles to make them fun to use, but they don't offer anywhere near the huge capacity and gamut of services that a real cloud does. They're called "personal" for a very good reason and should be used as such.