Do we need bank vaults to secure our cloud data?
“Data is the new currency.” This statement should not come as a surprise to you. This new virtual currency is based on both customer activity and the trust they place in your products and services…and a large part of this trust is based on privacy. “What is a company going to use my data for?” We as consumers are quite aware of our individual opinions on this matter and have no problem voicing it. The other part is security. “How does a company store my data?” Here is where we as consumers often look the other way because we want the end product so badly.
The general trend at the moment is that companies are spending more money on security. According to Forbes, Worldwide Cybersecurity spending will increase to around 170 billion dollars by 2020, compared to roughly 80 million dollars today. The shocking fact, however, is that the projected damage of cyber-crime is expected to reach 2 trillion dollars by 2019. Suddenly, the 170 billion increase may become undervalued if we all agree that prevention is better than the cure.
A large part of this 170 billion dollars will be spent by giants like Microsoft, Oracle, and Amazon. Most of their trustworthiness is tied to the secure storage of data in their cloud products. A little over a year ago, Microsoft launched the Enterprise Cybersecurity Group to help give customers more confidence in the security of their products. Oracle CTO Larry Ellison focused much of his 2016 Oracle Open World keynote on security, and said “As they used to say at Ford a long time ago, security is job 1 here at Oracle with the move to the cloud.”
There is one company, however, who is leading the way on data security and it’s Google. They are not even hiding the way they do it. Last week, they published the Google Infrastructure Security Design Overview which gives an incredible amount of detail on the six layers of security that they have baked into their processes. This ranges from the physical security of data to the technical constraints and processes in place to support operational security.
The most exciting and noticeable addition is the that of custom-built chips that help authenticate Google devices. The technology of silicon level security isn’t new anymore, but few have utilized it in the same way as Google. Such a level of security is seen as a key component in a strongly needed increase in security, especially when combined with Trusted Execution Environments (TEE). The expected rise in IoT devices over the next five years could mean that while our security touchpoints might increase exponentially, the price of ensuring security won’t rise at the same rate. Ultimately, critical systems and routines can run parallel with regular operating systems without suffering from the vulnerabilities of non-critical systems.
In the end, what’s important? When the branch of your bank is open, it doesn’t necessarily mean that the bank vault is vulnerable. Wouldn’t you expect the same from the people who deal in this new virtual currency? And for that matter, would you entrust your data to any company that leaves their vault wide open all day? Think about that next time you’re filling out a simple web form, and see if you still want to enter those sweepstakes or find out which animal you resemble most.
(About the author: Michael Feith is a managing digital solution architect at Sogeti Ireland. This post originally appeared on his Capgemini blog, which can be viewed here)