The cloud REALLY is just someone else’s computer
In the cloud, your information is stored on a computer not at all different from your own laptop. The major difference is that someone else owns and controls this computer. That someone else is a company with employees, many of which may access the computer as they please. Most likely this computer is shared by many such companies. These companies also install many programs on the computer to make their services work. Programs running on the computer are managed by additional companies that also are able to access your data.
Every person and thing in this scenario:
- Would be able to steal your data should they want to.
- Could be exploited by an attacker to enter the system.
Remember: the guard must seal all holes but the thief is happy to find one.
Data leaks are very bad
There is a saying that emails are less secure than posting letters. Letters are stolen one at a time and may be misused once or a few times by a single actor. A data leak will always be accessible and searchable by actors with malicious intent. Data leaks are one of the most expensive misfortunes that companies encounter.
Encryption is no guarantee that your information is secure.
In fact, the use of encryption says little about what and who your data is protected from.
Encryption is a pretty simple tool that my be used in several ways, the most common being:
- Encrypted connection
- Encrypted hard drive
These types of encryption protect your data against eavesdropping on the network and against thieves physically breaking in an stealing the cloud computer holding your data. There are very few data leaks happening that way. Most breaches happens through exploiting weaknesses in systems to gain access to the running service instance.The absolute majority of service providers use these and ONLY these ways of encryption. Many service providers actually prefers having the ability to extract information from your data.