I don't necessarily disagree with the approach - depending on your organisation, it will probably provide the most reliable data security.
All solutions carry a risk of a data breach, however, and the encryption solution is no different. One of the arguments for cloud data security is that organisations generally over-estimate their own ability to secure their data, and that cloud data is actually more secure - precisely because the cloud vendor has greater capability (knowledge, processes, people, infrastructure) to provide that security. From this perspective it may be *less* responsible to do data security in-house. So my point is that when a someone asks 'What is the data security situation with app engine' - it would be nice to do better than 'you better encrypt it'. Encryption might be the right answer for your organisation - but some information from google around auditing processes, employee access policies, notification when your data was accessed, the reasons why your data might be accessed etc. would probably lead most businesses to opt for a solution that didn't involve them taking on the security burden themselves. Most businesses would say 'ok, that sounds good - I understand breaches can happen, but it sounds like you guys are pretty organised and take this stuff seriously'. I'm sure google has a great many policies and procedures in place to secure app engine data, but when the presented options are 'encrypt it' or 'we'll look at it if we want', well, its a much harder sell. On May 22, 8:44 pm, Keren Or Shalom <[email protected]> wrote: > I don't believe it would be responsible for any business to count on the > goodwill of a provider no matter how good his reputation to preserve the > security of strategic data. It does not matter what might be the promise of > Google I think the only way is the way that Geoffrey propose. > > On 22 May 2010 21:07, hawkett <[email protected]> wrote: > > > > > > > Hi Geoffrey, > > > I'm sure you didn't mean your response to come across this way - but > > it reads - 'encrypt your data, or expect google to look at it for > > whatever reason they see fit'. As this thread alone shows, data > > security is of huge importance to many people using or considering the > > use of app engine. > > > Is this approach to data security also your perception of app engine > > for business? > >http://googlecode.blogspot.com/2010/05/announcing-google-app-engine-f... > > > Sorry for the semi-rant, but it's hard work convincing folks to put > > their data in the cloud, and every authoritative (you are listed as an > > API guru) statement that erodes their perception of the cloud vendor's > > security practices makes that job harder. I guess this highlights > > again the need for unambiguous statements on this - probably in the > > form of an SLA. I recommend that anyone who has similar concerns star > > this issue -http://code.google.com/p/googleappengine/issues/detail?id=501 > > - raised nearly 2 years ago. Ironic that the issue id is '501' - HTTP > > speak for 'Not Implemented'. Some kudos though for starting that > > process as of a couple of days ago - > >http://code.google.com/appengine/business/sla.html, > > despite the lack of data privacy clauses. As noted in the issue, the > > number one concern is data privacy, not uptime. > > > Colin > > > On May 21, 2:08 pm, Geoffrey Spear <[email protected]> wrote: > > > On May 21, 4:20 am, Madame Or <[email protected]> wrote: > > > > > Given the high sensitivity of my data it is very important that no one > > > > except of course the individuals I would allow and the software I > > > > would enable to access the data stored in that BigTable. Hence I would > > > > like to know also if it is possible to prevent anyone, including > > > > Google, to have access to my data stored in BigTable? > > > > There's no way to prevent Google from accessing anything stored on > > > their servers. It's unlikely they'd do so without a good reason, but > > > if you want to ensure security, use strong encryption. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > [email protected]<google-appengine%2Bunsubscrib > > [email protected]> > > . > > > For more options, visit this group athttp:// > > groups.google.com/group/google-appengine?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-appengine%2Bunsubscrib > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine?hl=en. > > -- > V07768198309 > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
