What can be trusted to cloud services: views of employees of IT companies

Cloud services are firmly established in the life of most Internet users. More and more people keep their files, documents and personal correspondence on remote servers of Internet services.

A few days ago, foreign IT publications told about the new cloud project KeyMe. It is remarkable in that it offers users to take a picture of the key from their own home or car using a special application (the photo is saved to the cloud) and then “ print ” its copy using a special kiosk in the nearest supermarket.
')
The emergence of this service has caused a wave of discussions - in particular, users are worried about the likelihood that attackers will be able to steal photo keys stored in the cloud and make their copies to commit a robbery.

We decided to find out how sensitive data (personal and work) is trusted by cloud services by representatives of Russian Internet companies.

Alexey Shevelev (@Boomburum), Project Manager, Thematic Media

Until recently, some level of distrust towards the “clouds” was still impossible to overcome the discomfort from not having physical access to my information, that not everything depends on me. But lately, apparently, he accepted it - first he entrusted some of his data to iCloud, then he began to use more actively any Dropbox / Yandex.Disk / Google.Drive - I keep some “working” data in them that have a rather short lifespan : I delete this data immediately after I work it out. Getting access to these data by third parties is unlikely to somehow affect something.

The storage of more “long-playing” data is still trusted only to physical drives - a RAID array at home and at work. But yes, I often step on the rake of the inconvenience of synchronizing this data. But since it doesn’t bother me much, then, apparently, I am not yet quite an active user of cloud services.

---

Andrei Zagoruiko, co-founder of the publishing house "Committee"

I personally use dropbox and store both personal files and a number of working documents there. In parallel with this, I regularly make backups of all key files in Google Drive plus sync everything to Time Capsule.

I don’t see any problems with security - two-factor authentication + a complex password protects data more reliably than any other services available to ordinary people. In the end, the hard drive from Time Capsule can just be stolen, and the data from the dropbox is so easy not to pull out.

---

Sergey Shalaev, CEO Surfingbird

Of course, I do not trust cloud services, both in terms of privacy, and in terms of reliability. But more often it is just more convenient than all the other options.

The employees of my company are the same people - if there is a choice between convenience and relative security and super security, I think they will choose the first, even under the penalty of fines [for using public cloud services].

---

Alexey Sintsov (@ d00kie), Principal Security Engineer Nokia HERE

The question is very widescreen. There are many points of view, depending on what kind of data we are talking about, what is the purpose of the cloud, and so on. Personally, I completely trust the clouds from AWS to Google, but I also understand the risks in the case of my negligence - weak passwords, lack of two-factor authentication, compromise of my keys, and so on. In general, there are few “new” threats for the user. If we say that the owner of the cloud can “merge” the data - then this is a matter of pure trust and contract, I doubt very much that AWS or Gmail will merge my data. It is possible to sell impersonal data, statistics, interest analytics, but this doesn’t bother me much.

As for hacking the clouds, it’s the same rather blurry topic, if you take the story from HeartBleed, then, for example, ELB AWS was vulnerable, which automatically means that all user services that used the SSL terminator on the ELB were vulnerable and could break them. On the other hand, Amazon promptly and independently corrected this problem by updating OpenSSL to ELB during the day, thus automatically “saved” all its customers, while very many “non-cloudy” infrastructures did not have a sweet, remember the story about Russian Railways and its payment gateways, through which a lot of cards have flowed out due to the sluggishness of the team. That is, there is a lot to talk about and remember different examples, everything is quite individual and there will be different data, different solutions and different usecase for a particular user or company. For example, we offer a navigation platform like a cloud - we are very concerned about a very good and convenient solution and security issues.

---

German Klimenko, founder of LiveInternet and Mediametrics services

I am very calm about cloud services. Conveniently. The data that I consider "critical" I store in encrypted form. There are not so many of them and maintaining an encrypted archive of bills, pins and all sorts of scans of important documents is not burdensome.

Probably I would not be very pleased if someone gets access to the folder of promising projects and gets information about how we are doing for example the game. But the risk of such an event and the cost of the consequences are certainly incomparable with the convenience of cloud document storage and teamwork.

---

Ilya Grabovsky, Head of External Communications, Maxima Telecom (Wi-Fi in the metro)

Cloud services have long become an integral part of my life. They are related to both workers and private affairs. Fears, it seems, do not arise. First of all, I believe that security, in the first place, is the work of the user himself. Secondly, if someone wants to get some data about a particular user, then hacking, for example, cloud storage is the most difficult way.

Many people do not even notice how much they tell about themselves in various social networks: you don’t need to break anything in order to understand what a person likes for breakfast, and with whom he is going to sign a cooperation agreement. Or, for example, you can go to “Coffeemania” (which is not the essence) at any time of the day, order good coffee and just listen - people around will tell you everything: starting with news from a fresh press, ending with the intentions of their own companies. Therefore, it’s not worth worrying too much about the security of cloud (or any other) services. You just need to be careful and careful yourself. The greatest amount of confidential data people give out without noticing it - this is where the real breach of security is.