Are you afraid of the Cloud?
Depending on who you ask, you get different answers to what “the cloud” is exactly. That is because the cloud is many things, and, depending on how you use it or who supplies your “cloud,” you could do well or do very badly. But what exactly is “the cloud”? The cloud is basically all the servers and systems we used to have in a closet or server room, all kept somewhere in a giant computer farm/warehouse and managed by someone else. You never have to replace your server hardware again. Many people worry about the security of the cloud; they fear that once they put something in “the cloud,” anyone can easily get it. That is theoretically true, sort of, but should be discussed a bit more.
First, this worry assumes that your own computers and file servers (i.e., computers physically located at your business and accessible to employees over a network) are more secure than the cloud. This is usually not the case. As a professional IT consultant, I must tell you that many IT people may not really know what they are doing when it comes to security. They say they do, but don’t let them fool you. Most of the breaches that happen are because a person made a mistake and did not do basic things like update a system/application or even close a door. So, if you are certain that your systems are as secure as they need to be, then you are safe. But I would go as far as saying that 90% of most IT systems are not secure.
This is where the cloud comes in. For example, Microsoft has designed Office 365, which runs in the cloud, to be secure. In fact, it has been intentionally set up to not be accessible to their administrators. They have built big server farms, and, when you subscribe, your company gets a “tenant” on one of their server clusters. (A tenant is difficult to briefly define, but is essentially a representation of your organization, or a partition of Microsoft’s system.) These servers are designed to run and be fault-tolerant using shared storage that is distributed across Microsoft data centers. Backups are happening all the time in the background. Policies are in place to keep deleted items and only purge them after a certain amount of time has passed. If a user deletes a big folder or malware starts accessing lots of files, you get an alert so you can stop it and roll back.
So, what is to prevent a Microsoft engineer from simply logging in as you, you might ask. Well, they can’t! It’s not designed that way, so much so that, when you call Microsoft technical support, a Microsoft engineer can only view your screen and tell you how to fix it. You have to do the work, so they never have access to your data or your tenant.
But what about in the data center? If you are really paranoid here, what is stopping a rogue engineer from going to your tenant’s server, removing a hard disk, taking it home, connecting it to their computer and reading your data? Well, first, the data on the disk is encrypted with BitLocker encryption, so the game is pretty much over at this point. But let’s say they can get past BitLocker. They open the disk and they see your files, right? Wrong! In Office 365, files are stored as “shards,” much like shards of glass. And the Office 365 tenant system is the only thing that knows how to put the shards back together in the right order to reconstruct your files. But it goes further! Each shard is encrypted with a private key specific to that file and that shard. The “Rosetta stone” for how to put these back together is stored in your tenant, and each file and each version of a file has a different Rosetta stone and different key. (This is starting to get a bit complicated!)
So, the only way for a hacker to get your data is to log in as you. “See, I knew the cloud wasn’t secure! All someone needs are my username and password and they can get all my data!” Not so fast there, bucko!
That is where Multi-Factor Authentication or MFA comes in. MFA is typically a two-step authentication. You enter your username and password and click ‘Login’, your phone gets a text message with a code that you then need to enter as a second factor, and only then can you log in. The theory goes that MFA requires something you know and something you have, i.e. your phone. So, now the bar rises even higher. Now I have to: 1) Get your username. Easy! It’s your email address. 2) Get your password. Easy! It’s “password1234”. But now the challenge... 3) How do I get your phone? Not only that, I have to be able to unlock your phone too (which is a very good reason why you should lock your phone!). I have to physically steal it and cut off your finger to unlock it. Probably not going to happen.
Now some caveats. There has been a lot of work by hackers to try to capture text messages, but it still is quite a bit of work to get someone’s texts in real time. So, now you are saying “Ah Ha! I knew it! The cloud isn’t secure!” But there is a fix. There are apps you can install on your smartphone which generate codes and do not rely on text messages. Using these apps is the best way to secure your authentication. So there!
At SaviorLabs, we introduce the idea of SharePoint and OneDrive (cloud-based collaboration) to our clients all the time. Many are initially concerned, sometimes very concerned, which is reasonable. However, it is important to understand that, when people compare SharePoint to the traditional way of doing things, they “believe” their own systems to be secure, and this is not the case! Here’s an example of why:
On a recent podcast, we interviewed a hacker who contracts with large companies to test their security. A recent engagement seemed to be the first time they could not break into a network. They could not find any way in. They were about to make good on their guarantee of no cost if they could not break in when they found it: one lonely printer that was exposed to the internet and configured to send “toner out” notifications to the purchasing department. The hacker was able to get into that printer. (The IT department had used an administrator-level account to send these messages from, so now the hacker had administrator credentials. With that information, they were able to access the entire network, all because someone used an account in a place they shouldn’t have.) All this is to say that, if you think your network is more secure than any other network, you should seriously reconsider.
So, back to SharePoint and OneDrive. They can both meet the needs of most use-cases for local file servers. (As an example, we have architects using AutoCAD every day on SharePoint.) There are so many other benefits. Auditing is built into SharePoint. Everything that is done on SharePoint is reviewable: who did it and when. Versioning is built in, and it is trivial to go back to an older version. If you use Office, not only is versioning included, but you can team-edit at the same time from anywhere in the world. Plus, you can access all your files when you need them, where you need them, from any web browser, tablet or cell phone or, of course, your computer. There are tools to let you delve into what everyone has been working on and get notified when things are updated. There is even a team collaboration hub all built right in. For additional security and control, an administrator can revoke access to files and remove the files from a user’s computer. Users can also be prevented from sharing documents outside your organization.
There are a few exceptions to what you can put on SharePoint. For example, if you use QuickBooks (not the online edition), it needs to be shared from a local machine on your network. The same goes for most non-cloud databases, such as Microsoft Access, or installed software for specific applications or industries.
Migrating to SharePoint can bring the best tools used by the world’s most successful corporations to your company today at a very low cost. SaviorLabs is here to help make sure your migration goes well and that your team is able to work without skipping a beat. And, as an added benefit, we will probably even be able to retire your old file server too.
I hope this article has been informative and has piqued your interest in the benefits of moving to cloud-based computing.
