The cloud is 100% safe
Zsolt Engli
Digitalization in product development - from files and folders to data and the cloud
You get more attention when you state something unexpected. It is important that you prove the statement later; otherwise you are a liar.
Here is an example from my past that shows what I mean. In 1996, we began selling a no-name product in Germany, running on a Tetris game computer, a Windows 95 PC: SolidWorks. Our top cold-call pitch at that time was: "Imagine you get 80% of the functionality of Pro/ENGINEER for 20% of its price." The skepticism was great. Those who dared to come into my office saw the proof.
Coming back to my headline: "Your data are 100% safe in the Cloud." Is Zsolt telling fairy tales?
Let's analyze the cloud and neighboring resources. What are the facts? Looking at a typical workflow of a desktop-cloud combination, there are 4 stops:
- The user creates data, maybe also files.
- A computer with a hard drive saves data on the local drive, especially for 3D CAD users, for performance reasons.
- An Internet connection delivers the results and files to the cloud.
- The cloud drive, the cloud application, gives the outside world access to the relevant data.
These stops lead to the 4 danger zones, the entry points for data thieves:
- Crack the user
- Crack the local drive
- Crack the Internet connection
- Crack the cloud
Let's have a look at the 4 possible entry points.
The central point: the Cloud
Providers of cloud applications and cloud storage are highly professional.
Let us look first at banks. Around the data, money and processes entrusted to them by their customers, they build a Fort Knox. Who has ever lost money because of a transaction that failed due to IT?
It is the same with providers running ERP applications like SAP S/4HANA Cloud or sales applications like Salesforce. Banks and ERP providers have used outsourced systems and the cloud for a long time. There are no concerns about misuse of data.
If a hacker has the choice between the Fort Knox of a specialist like Amazon Web Services and the in-house infrastructure of a normal end-user company, the choice is easy. An analogy from daily life: when a burglar stands in front of a row of houses and sees special security mechanisms on one house and none on the other, guess where he enters?
An additional safety mechanism, an additional lock, which leads to nearly 100% safety, can be the following: if the thief steals a database or parts of it, he does not own the key to the data. He needs a desktop application that opens the data for him on his own machine.
Onshape, a great cloud application for CAD and PDM, does not provide any desktop or separately installable application. I do not know whether it is the same with SAP S/4HANA Cloud or Salesforce.
The theft on the data road: the Internet connection
The data are safer if they live encrypted in a Fort Knox, in a database structure in the cloud, as in SAP S/4HANA and Salesforce, than as files living anywhere. Onshape design data are also stored encrypted in database tables.
There are no files or complete datasets that can be stolen, only single records. These fragments are worthless without the key, the Onshape application in the cloud.
In contrast, every file transfer, including replication of archives in multi-site PDM environments, is an invitation for data thieves.
The local theft opportunity: the hard drive
The best security is when there is nothing to steal. If the local hard drive does not contain any intellectual property, any files, any design, there is no entry point for thieves.
The hostage of the user: Social Engineering
There is an interesting article by an old Dassault colleague, Alex Bruskin: "Stealing data from inside the firewall, which includes manipulating "good" authorized users into divulging their credentials by "social engineering" attacks; acquiring "bad" users via insider threat path; acquiring read-only database credentials (which are often left unchanged for years); or acquiring database credentials baked into other programs."
The user is an entry point not to be neglected in every infrastructure, in any company-internal IT environment and in the cloud.
There are two main entries here: the intended transfer of login data and the unintended one, e.g. with the help of phishing. Various tools, like 2-factor authentication and forced, frequent password changes, are in use. The mindset and knowledge of the user are also a barrier against serious damage. Have a look at this interesting article by Kaspersky about social engineering.
The cloud database and application, e.g. the one on the AWS server in Ireland, is an impregnable fortress. The commands and fragments of information going through the Internet are useless to the thief.
The local drive is no longer the place to store intellectual property.
The human danger zone: silliness in handling data and criminal energy are inherent in some people. Only mechanisms that protect them from themselves help.
Using good database applications engineered 100% for the cloud minimizes the danger coming from the 3 IT-influenced zones described above to such an extent that safety is very near to 100%, maybe 99,xxx %.