Originally posted on 29 January 2015 at http://www.josephwojowski.com/transtech-blog/data-storage-and-security
What is a Cloud and how does it work?
Cloud data storage and computing, simply put and just as a quick overview, refers to online access to data or applications which are stored in a centralized location – a server. Public clouds like Amazon AWS allow clients to rent space on a larger server which contains or may contain data from other clients. Private clouds have an entire server dedicated to one client and can be hosted locally or by a third party. Applications such as a translation program can also be hosted on the cloud server for executable application data as well as document and resource data. The biggest appeal to these types of applications is that a lot of them are not limited to a specific operating system. Whether someone is using Windows, OS X or Linux, he or she need only have a browser to access the application.
Breaches in Data Security
In recent years in the United States, we’ve learned (the hard way) how vulnerable our IT systems can be. Solutions that companies trusted with secure information such as customers’ credit card information, have been found to not be as secure as previously thought. If nothing else, these incidences have shown that in order to hack into a program or database, all someone really needs is malicious intent and time (See Bloomberg Business from 21 October 2014).
In 2010, the US and Israel were able to hack into Iran’s Natanz Nuclear Facility and disrupt operations by way of a worm finding its way on to a worker’s USB flash drive and that worker inserting it into one of the facility’s computers (See Wired from 3 November 2014).
Furthermore, in August 2014, it was demonstrated that even individuals can be at risk as celebrities’ personal cloud accounts were hacked and personal, discriminating photos were leaked (See Forbes from 2 September 2014).
While I am not condoning these acts, I wish to use them to illustrate that threats to data clouds, servers and computers are numerous and only intent and time are needed to break into any networked computer or server.
Cloud-based data storage
Risk awareness is essential to the use of any form of technology. Being cognizant of where items are being stored is the best way to ensure this. Some programs will even go so far as to automatically save documents to a connected cloud-storage server (I discovered that little nugget when I accidentally saved a list of planned blog articles to my One Drive instead of my local folder and tried to go back and find it). It goes without saying, therefore, that sensitive documents do not belong on a cloud server, nor do files and resources related to those documents – like project backups, translation memories, and glossaries. While it may be very convenient to be able to work with a document or resource at home, leave for the office empty-handed and work with that same document at the office, there is still a risk (if only very minimal) of that cloud server being hacked, resulting in the unintentional disclosure of the information contained.
So what about cloud-based TM Solutions?
I would first like to establish and make clear that cloud-based translation environments are great tools in a Language Service Provider’s toolbox. The ability for project managers, translators, editors, proofreaders, terminologists, et cetera to collaborate and work on a project is an incredible advancement and does great things from a project management standpoint.
Internet security-wise, while cloud-based TM tools may not be the specific target of hackers, the potential is still there and, again, it would only take intent and time before someone hacks into TM cloud servers.
So, while cloud-based TM applications are highly beneficial for their collaborative capabilities in an industry dictated by tight deadlines and high expectations on quality, as a technology-oriented person and as someone who understands the risks involved with the use of networked devices, I cannot say that cloud-based TM solutions have replaced local applications in my project manager or translator toolbox, yet.
Retail transaction records and governments are common targets because they deal with information that people know is valuable. While information we as translators deal with is just as important, it’s not as well known that we deal with this type of data. As a member of the industry I’m addressing, I would rather we be aware of the risks and actively exploit every measure possible to secure the data we work with than be subject to an information breach and wish we had done more, sooner.
And when you’re looking into Cloud solutions, do not simply accept the salesperson’s explanation that their company takes security seriously. Ask for details, how exactly are they actively preventing an incident? The more a company touts having the most secure anything, the shinier it appears to those with malicious intent and it makes them want to hack into it that much more.