Moving to the CLOUD, which one 9?
Cloud and its Pros and cons.
1. A chain is only as strong as its weakest link.
And so this is where 99% of the trouble is going to come. Cloud Storage, great idea, multiple access points can access it from ANywhere on the Internet. Good for remote stations in a company, good for accessing data for all important documentation. And lets just do a for instance.
Youve spent months uploading your information to "The Cloud" what is it? Its a conglomeration of Servers worldwide along with Direct Name Servers World Wide and able to be accessed by anyone World Wide.
Lets say just for s**its and giggles you understand:-
A new office is setup in the out skirts of Godknows in the county of Where. The Manager, a reputable guy, been with the firm for Yras already and given his first out of the nest posting. Its been hyped up to get him to go, the pays good, the benefits are good and its up to him to set up this new office. SO he has an idea to recruit lets say 6 academics, 3 coders and 8 general secretaries. Obviously they will require access to the firms "Cloud based data" and each cloud entry point is not quite up to spec, ,but its satisfied head office IT dept and wiht it being a new office out in God Knows Where what can go wrong.
So on day one the IT dept sends out an IT guy to inspect the setup and give it the final connection to the cloud servers via the IP and Passwords for each section. Students come in and are given the full brief of their duties, responsibility and demands on the system. One fo these lovely young things has had a bender over the weekend with friends, one of whom has been prying him for info about his new job. Turns out the pry guy is actually a black hat for the counties glory boys Hacking Corporation.
Right the plot is set, and now all this pry guy is in need of is a link into the office whilst a terminal is connected to the cloud data and ....................
2018 The UK National Health Service was hit in a similar way. By a patient in a Hospital.
Cloud is a useful idea, however unless everyone who has access to the cloud data has to be vetted to keep it safe.
Password rotation: A simple program tied to the data clock on the cloud, can rotate passwords to and from the server in a few seconds.
Password length, there was a time when an 8 digit password was deemed secure, personally for systems I designed a minimum of 256 to 512 character passwords are about the best solution.
Secure encryption at both ends, ok it slows down th transfer and can cause bottle necks, it also prevents eronious data collection being of any use.
VET YOUR STAFF. A number of systems I built over the years hav efailed due to this. Trust is not someone that writes passwords on a notepatch and puts it in a book on their desk.
Using passwords GOD, ADMIN, PASSWORD1 good for the eog, bad for the company yet folk still use them. Makes all password generation secure and encypted.
(walks off down a long dark corridor, in the distnace a door closes)
