Analogy: Imagine your data as gold bars
Your data is precious. So, let’s imagine that your data is replaced with precious gold bars.
You have acquired some gold and want somewhere safe to store it. Initially, whilst you work out a plan, you just hide it somewhere safe in the house: a sock drawer, under the mattress, a “safe place”. Over time, however, you start to worry about the what-ifs:
- What if I forget where I put it?
- What if there is a fire?
- What if someone accidentally throws it away?
- What if someone finds it?
- What if I am burgled?
The next natural step might be to invest in a safe. The first question, though, is how big a safe to buy. If you buy one that is too big, it will take up more space in the house than you have room for; plus, a bigger safe will cost more than a smaller safe. However, if you buy a smaller safe, will you have room to put other valuables in it if you decide to? Does the safe need to be fireproof? If so, what rating would be sufficient? Is it combination or key based?
In our analogy, this safe is your on-premise data security solution.
- Did I buy the right size?
- When I upgrade do I consolidate to something bigger or just buy another small one?
- How do I store and manage the keys?
- If I have a combination who do I trust with the combination and where can I safely write it down?
- How secure really is my house overall?
- If someone gets inside the front door, do they have time to crack the safe without anyone outside noticing?
- Do I have the skills and resources to manage the security properly?
- Can I provide 24x7 assurance that my safe is... safe?
The problem is that the local option provides “good enough” security for a lot of circumstances, but it can cost a significant amount of money to provide full protection. A lot of people get lulled into a false sense of security by having assets stored locally. However, without the relevant infrastructure, skills and security resources, storing assets locally can often be the equivalent of storing cash under the mattress.
So, what alternatives are there for storing your growing gold stash?
One option could be to rent a safety deposit box. The idea is that you are renting a standard-sized unit of secure storage. As the renter, you own the keys to that box, not the bank. In addition, that safety deposit box is stored in a secure bank vault in a secure facility with industry-regulated security controls such as guards, CCTV, biometric access, etc.
That safety deposit box in our analogy is the cloud hosting option. There are a lot of overlaps between the analogy and real life:
- Cloud storage is rented in fixed unit sizes and can be extended or shrunk with relatively short notice
- Most clouds offer customer managed keys so that even if staff can access the datacentre (vault) then they cannot access the customer data (gold in a safety deposit box)
- You are entrusting your valuables to a third party whose sole reason for being in business is to look after other people’s stuff; they have a very strong interest in keeping your stuff safe
Of course, it is possible to rob a bank but the occurrences are exceptionally low and arguably it is a much lower risk than keeping your assets within your own local boundaries.
So ask yourself, if you were lucky to have £10m worth of gold, would you sleep more soundly if the gold was in the wall safe in your bedroom or in your secret Swiss bank vault?
Of course, bank security is regulated and banks need to demonstrate security competency on a regular basis or risk losing their banking licence. One final question then: should we have similar licences and regulation for cloud suppliers?