Cloud is more secure than your own hard disk

I had several feedbacks from my last post on the Outlook Attachment Remover from my colleagues. The number one response is: “Do not put our client’s data there, even if encrypted, it is against the policy”. In this post, I will discuss why Cloud is secure and what a sensible company policy should be.

When CIO gives us the company laptop, we promise to take full responsibility for it. We are expected to set a strong password so that no one can logon to our machine, and we are expected to lock our screen whenever we are away. When clients send us their confidential data, they expect us to secure it in areas where only we have access to. We do not need client permission to store the data on our hard drive because we have promised to our CIO and our clients that we will guard our laptop and hard drive.

When we request a bucket from Amazon S3, the bucket, by default, is readable/writable by us only. Similar to a password, our access to the bucket is guarded by our Amazon credential, which includes both a 20 alpha-numerical characters of Access Key ID and a 40 alpha-numerical characters of Secret Access Key. We promise to keep the Keys to ourselves and Amazon promises the access right works as designed. So, just like our hard disk, the bucket is ours and ours alone. Why should not we be able to store our and client data there? Why do we need client permission?

As much as we promise, accidents do happen. Our laptop could be infected with virus and Trojan horses, we could lose our laptops, Amazon security could be breached. In the past year alone, I know at least two incidents where our company laptops were stolen. In contrast, I have not heard ANY S3 security breach since they launched their service three years ago. It is a more dramatic contrast than you think because S3 has millions of customers and it hosts 29 billion objects, whereas, our company has much fewer employees and far fewer number of laptops. So, is our hard disk more secure than S3?

Since no one can say their system is 100% secure, we have to put in measures to guard against the rare events. Our company laptop has encryption software installed. When the laptop is lost, we are safe because no one can read the data.

 Now, if I encrypt my email attachments, including client data, and put them in my own S3 bucket that is readable/writable by me only, and hold on to the password to myself, why would I need client permission? Why is it not secure? Why is it against the company’s policy? If anything, based on the past track record, CIO should ban us from storing data on our hard drive instead.

Advertisements

An “unlimited” email inbox in the Cloud

Do you work for one of those stingy companies who only give you a tiny email Inbox? My CIO gives me 120MB, which runs out two month after I joined the company. Even if you have a bigger one, it will run out fast enough because everyone likes to send large attachments around.

If you are like me, you will spend hours each week cleaning up your Inbox, archiving your emails, and backing up all your data. Well, I am happy to report that help is finally here. There is a new Outlook Attachment Remover from a startup that can detach your attachments and embedded images and put them on the Amazon Cloud (i.e., S3). For $0.15/GB/month (the price Amazon charges), you can get rid of all the hassles and have unlimited storage.

When I first started using their software, I did a few experiments to see how well it performs. I have an archive folder which has 12000 messages and it is about 890MB in size. The size is small because I deleted most attachments before I put the emails into my archive folder. After I converted them, my archive folder shrinks to about 400MB, which is very impressive since I did not have many attachments in the folder. I guess those embedded images take quite a bit of space.

Next I ran the same test on my working folder. My working folder has all important emails that I need to keep around for reference. They all have their original attachments because that is the reason I keep them in my working folder. It has 400 messages at about 200MB. After the conversion, it is at 25MB. Wow! That is a size that I can fit into the mailbox my CIO gives me.

After I converted my old mail, I just enabled the “auto-detach” option. So whenever a new mail arrives, the attachments are automatically stripped and stored in Amazon. If I want to convert it back for whatever reason, all I have to do is click the “re-attach” button.

I have been using the product for a few weeks and I am quite happy with it. I hope you find the tool useful too.