Year for Productivity: Session 9: Security in the Cloud

year_productivity_graphic_9Now that we have spent a couple of months together talking about managing our knowledge and some of the online tools that are available to us, I feel like we should spend this week taking a step back and considering the safety of our information.  We are all very aware of cautions we need to take to protect our privacy on social networking sites like Facebook or LinkedIn, but how many of us have considered all the other online tools we use every day?

It is easy to become complacent about our online security.  Many of us have whole departments of IT professionals who are busily keeping our emails relatively clear of spam, and alerting us to possible infestations of computer viruses and worms.  With our Knights in Shining IT Armor guarding our systems, it is easy to overlook other kinds of vulnerabilities that might be targeting our data instead.

Information Security with regards to cloud computing was highlighted for me recently by our Security Policy and Compliance Manager in our systems area.  Our conversation was eye opening for me and resulted in a new page that I post in my research guides and discuss in my workshops and classes.   And he is far from alone; in fact, Forbes has an entire section of their website devoted to latest news in Cloud Computing.

For example, I had never thought about the vulnerability of Dropbox.  That wonderful tool that just automatically syncs my computer with the Dropbox files when I log in, could be vulnerable to being hijacked. All anyone needs is brief access to my account name and they could add their own computer as a new location for syncing.  This would result in anything I added to my Dropbox being automatically sent to this hijacker as well.  I am told it is somewhat tricky to determine all of the locations that sync to my account, so this could easily go unnoticed for some time.  Now I do not put sensitive information in my Dropbox, so this is less of a concern to me.  Consider however, your researchers who DO deal with sensitive information as well as data on new discoveries and possible patentable research.  This could be devastating to them as well as the university should they have their data prematurely revealed. The University of Michigan has a great page that their IT folks put together on their view of data safety in cloud based storage and Google Docs. The page is very user friendly and brings up great issues for faculty and researchers alike to consider.

Who owns your data?  Have you ever read the details of those impossibly long license agreements that we all click through when loading new software?  Section 11.1 of Google’s terms of service says that “you give Google a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through the Service for the sole purpose of enabling Google to provide you with the Service in accordance with its Privacy Policy [source: Google].”  This is not unique in the field.  Similar terms are in Skydrive, Dropbox and iCloud.  While Google assures us the service term is just so that they can manipulate our data files to provide the service we are desiring, it still causes one to take notice, especially if dealing with funded research projects.

Then there are mobile devices.  Mobile devices are often more vulnerable to security breaches and offer hackers more opportunities of access to cloud services.  The most secure company computer can be derailed by just one unknowing employee syncing their infected mobile device with the secure environment.  Free WiFi hot spots are also a vulnerable area; Bob Rankin did a very nice writeup on this topic on his site: “The Big Problem With Free Wifi Hotspots”.  If sites you visit or email providers you use don’t encrypt their connection, then anything you send or even read could be vulnerable to being vulnerable to other eyes as well.

So should we go back to just using our mobile devices offline?  No, of course not, but being aware of vulnerabilities and taking precautions such as authentication procedures using strong passwords, and cryptography for sensitive data can go a long way to making our mobile use safer. Ellyssa Kroski wrote a lovely post in January for the Open Education Database on online privacy tips for librarians.

 

For Further Exploration and Insight: 

1.  Do you know the IT policy of your university?  Search it out or talk to an IT professional about possible vulnerabilities for you or your users.

2.  So are Cloud Computing fears overblown?  Read Emma Byrne’s three-part series in Forbes .  Where do you stand on the issue?

Selected Readings:

Byrne, Emma. Forbes December 2012. Are Cloud Data Security Fears Overblown?  (3 part series)

Forbes, Cloud Computing Section

Kroski, Ellyssa. iLibrarian. January 29, 2013. 10 Online Privacy Tips for Librarians

Rankin, Bob. The Big Problem With Free Wifi Hotspots

University of Michigan. Cloud Computing and Information Security.

Calendar Image courtesy of ammer/FreeDigitalPhotos.net

Print Friendly, PDF & Email