It's cheap to upload data into Amazon Glacier, with prices starting at $0.01 per gigabyte per month, depending on which region you're uploading to. The service isn't meant to spit the data back out with any speed though -- Amazon notes that retrieval can take several hours. Retrieval costs start at $0.12 per gigabyte for the first 10TB, plus some discount for daily free allowances, which is 5 percent of your total information held in AWS's cold storage servers. Amazon automatically stores the data encrypted at rest, and provides an average annual durability of 99.999999999 percent (that's 11 9s) by synching the data across multiple facilities.
Interesting thought here that we’ve all had on mobile security. This time we’re talking “Bring your own application”, not just bring your own device. With tools like Evernote, OmniFocus, Dropbox, Reminders, or even just personal versus business email, your employees could be sharing personal information. Whether it’s health, finance, or just identification information, it can all be damaging. Now the article I’m referencing, from Jay Fry at Framehawk, does a great job leading the discussion and then goes into the Framehawk approach, so I’ll talk a little about the first part and then we can discuss.
A week or two back, the Ponemon Institute released some survey data about just how frequently employees in large enterprises are using external, cloud-based services to store and send critical data. The answer? Quite a lot.
Penny Crossman of American Banker termed the usage of these services a “huge security hole” in her article on the survey (with the slightly unsettling headline: “Are your bank’s secrets floating in the cloud?”).
After BYOD comes…BYOA
Some folks are calling this the “BYOA” era. You see, first there was BYOD – Bring Your Own Device. The logical follow-on is that employees then start using those personal mobile devices to access non-approved -- or at least non-managed -- applications (that’s the “A” in BYOA). These could be services like Dropbox, Evernote, and Yousendit!, which they’ve downloaded onto their device or can access in the cloud.
In describing this BYOA trend in a Forbes article, Matt McIlwain of Madrona Venture Group saw this as a great way for small start-ups – the ones selling these applications – to get a foothold in the enterprise by finding a balance between being “alluring to individual users and small teams” and making themselves “palatable to IT departments.”
While McIlwain thinks these innovative apps that are capturing the attention of users will usher in an era of greater transparency for IT, folks responding to the Ponemon survey I mentioned earlier see it as a big problem.
"These file sharing and file transfer technologies are very convenient," says Larry Ponemon, chairman of the research group. "The take-up rate of these technologies in the workplace is enormous."
However, Ponemon cautions, "a lot of company confidential information exists in documents — PowerPoints, Word documents, email and such. If you're a cybercriminal, that's where you're going to find the company's crown jewels."
Nobody makes sure employee work-arounds are secure
Some companies are practically forcing their employees to use such services because they don't provide remote access to documents that their staff needs when they're traveling or working from home or a remote office. Faced with a brick wall, employees who just want to get their work done will find a work-around. Those work-arounds often become a big part of their day-to-day processes.
With sensitive corporate data involved, what seems like an insignificant compromise becomes the Big Work-Around -- a serious deal. By definition, nobody’s in charge of making sure those Big Work-Arounds are secure.
There's a war going on around document and data security, says Ponemon. "You are constantly battling the issue of convenience," he says. "The traditional security model is, we'll just turn it off. What we've seen over the last 20 years or more is a move to empowering the end user through things like cloud computing, virtualization, remote devices and the ability to do your work from remote locations. The issue is, can you create solutions that are convenient and allow the users to do the things they need to do? Security has a voice, but there's a bigger voice called productivity and profitability."