A basic problem with working in “the cloud” is that we are sharing our work over the Internet, where the very act of sending and receiving data makes us vulnerable to security breaches such as Heartbleed. Since the cost of a data breach can be huge (ask anyone who works at Target), it is obviously a wise Cheap Computing maneuver to protect your data as much as possible. And once you decide to do that, you may decide Marissa Mayer was right, and we should work together in offices rather than in our homes or at other remote locations.
Heartbleed and similar threats are man-in-the-middle attacks. Your copy of Linux and all the software you run on it can be as secure as a bug in a rug, and all the Windows desktops and servers in your company can be patched and secured as much as Windows can be, but Heartbleed and similar threats can still slurp any data you send over the Internet — which means any data you work with or store in “the cloud.”
I’m writing something I don’t want revealed until I finish it. My level of paranoia is far higher in this case than it has a right to be, but it is what it is. And because of my high level of paranoia I work on this project on a computer with no physical connection to the Internet and its wireless radio turned “off” while I work. I store this work on an external hard drive that I only attach to the computer when the computer is not on the Internet, and when I am done working on my novel (that’s my secret project) I unplug the hard drive from the computer before I turn the computer’s wireless “on” again so I can research stories, trade jokes with friends on Facebook, read my email, and do all the other fun things we can do with an Internet-connected computer.
Note that I am using a very old, nearly foolproof method of securing my computer: I don’t have it connected to the Internet while I’m doing work I want to keep secret.
So in this sense — security — Marissa Mayer was right when she said it was better for Yahoo! employees to work together in offices rather than in far-flung locations. A group working together can use a LAN with no connection to anything beyond the computers directly attached to it.
Now let’s think about Heartbleed again. It supposedly compromised 17 per cent of all “secure” servers on the Internet for at least five months. But wait! That’s not all! Are there other unpatched bugs out there that are as bad as or worse than Heartbleed? I don’t know, and unless you are Dr. Evil, you probably don’t know, either. Or are you the NSA — which supposedly knew about Heartbleed but used it instead of telling the world about the threat?
You know very well that someone, somewhere, is working on a new way to get at the data stored in your computers and the networks to which they are attached.
The more data you send over the Internet instead of keeping it close to your chest, the more vulnerable you are.
So maybe — just maybe, I say — using the public cloud is not a great idea when you’re dealing with sensitive information, no matter how much money it looks like you might save by using an outside IT service instead of running your own servers, inside your own firewall — or better yet, not attaching servers containing critical data to the outside world at all, firewall or no firewall.