Question

I have a team member who refuses to use any form of private source code repository on GitHub or Bitbucket due to "security concerns". As a result, we have a hard time sharing code with him. He appears to be concerned about source code theft by some party. To me, using cloud-based source code repos is fairly standard industry practice. But does this individual have a point? Vendors do steal from customers in other industries. Should a multimillion-dollar idea not be stored on a third-party cloud service like AWS, GitHub, Bitbucket, App Engine, etc.?


Solution

I agree with @david.pfx that a team member has no business in unilaterally deciding for or against a company's business decision, especially as the code is not his... He might raise his concerns, present his case, and let the decision makers (source control may be a decision taken as high as VP or as low as team leader, depending on company policy) accept or reject it. After which - he should accept the verdict.

When companies add private repositories on GitHub, they subscribe to GitHub under its privacy policy, which is legally binding on GitHub.

As for security, you could point him to GitHub's article on the subject:

"We know your code is extremely important to you and your business, and we're very protective of it. After all, GitHub's code is hosted on GitHub, too!"

They go on, and detail the security measures they take physically, operationally, etc. and also address employee access.

At the end of the day, you must trust someone... servers may be compromised, third party libraries may contain malicious code, and employees may leak information or sabotage the product - but without trusting (vetted) servers, libraries or employees - you would achieve nothing...

Other tips

First, you seem to have a management problem. One team member should not make such a decision and dictate terms that impose that decision on others.

Second, you seem to misunderstand the nature of cloud-based services. Most such services provide a high degree of isolation between users and against external agents (other than the NSA), but no protection from employees of your providers. Since you upload unencrypted text, any person with access to any part of the route from you to the provider, or with access to the internals of the provider, has access to your source code.

You can address this 3 ways.

  1. Legal/trust. You either trust all those providers implicitly, or you obtain legal documents which bind them to certain standards of behaviour, on penalty of getting sued.

  2. Local encryption. You employ a mechanism to transmit and store your source code in an encrypted form, for which only you have the keys. The technical details are complex, but achievable. Bear in mind you still need to exchange keys with your co-workers.

  3. Own server. You run your own source code repository, and you use something like https with your own self-signed certificate for secure transmission, or a client that does it for you. You still have the problem of key exchange.

Doubtless there are strategies and variants I haven't thought of, but these are the main ones. Most people tend to pretend there isn't a problem and for most people there isn't. If your code is valuable enough (say you're developing high-profile financial systems or gambling systems or security systems) then I wouldn't be the one to make that call.
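Option 2 above (local encryption), as an added example that is not part of the original answer: the repository is bundled and encrypted on the workstation, so the hosting provider only ever stores ciphertext. It assumes `git` and OpenSSL 1.1.1 or later are installed; the function names, the demo repository and the key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: only ciphertext leaves the workstation. The repository, file
# names and key files are constructed for the demo.

# make_demo_repo DIR: one-commit repository standing in for real source.
make_demo_repo() (
    git init -q "$1" && cd "$1" || exit 1
    echo 'margin = cost * 1.37' > pricing.py
    git add pricing.py &&
    git -c user.name=demo -c user.email=demo@example.invalid commit -q -m initial
)

# seal_repo REPO KEYFILE OUT: bundle every ref, then encrypt with AES-256.
# The passphrase is read from KEYFILE so it never appears in the process list.
seal_repo() (
    work=$(mktemp -d) || exit 1
    if git -C "$1" bundle create "$work/repo.bundle" --all >/dev/null 2>&1 &&
       openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
           -pass "file:$2" -in "$work/repo.bundle" -out "$3"
    then rc=0; else rc=1; fi
    rm -rf "$work"
    exit "$rc"
)

# open_repo SEALED KEYFILE DEST: decrypt and clone. A wrong key fails at the
# padding check or, failing that, when git rejects the garbage bundle.
open_repo() (
    work=$(mktemp -d) || exit 1
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass "file:$2" \
           -in "$1" -out "$work/repo.bundle" 2>/dev/null &&
       git clone -q "$work/repo.bundle" "$3" 2>/dev/null
    then rc=0; else rc=1; fi
    rm -rf "$work"
    exit "$rc"
)

# Demo: seal, inspect what a host would store, then restore with the key.
demo() (
    d=$(mktemp -d) || exit 1
    make_demo_repo "$d/src" || exit 1
    openssl rand -base64 32 > "$d/team.key"   # shared with co-workers out of band
    seal_repo "$d/src" "$d/team.key" "$d/upload.bin" || exit 1
    echo "host sees: $(head -c 8 "$d/upload.bin")... ($(wc -c < "$d/upload.bin") bytes)"
    open_repo "$d/upload.bin" "$d/team.key" "$d/restored" &&
        echo "restored HEAD: $(git -C "$d/restored" rev-parse --short HEAD)"
    rm -rf "$d"
)
demo
```

`openssl enc` in CBC mode gives confidentiality but no authentication, so compare the restored commit ID with one recorded locally before trusting the clone.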

Well, do you think when Dropbox employees are bored they dive into our photos? Or Gmail staff read our emails when there is nothing else to do?

I'm pretty sure in smaller companies like local telecom companies you might have issues with them, as some individuals have quite a dangerous amount of power in their hands and usually that's not illegal, but the bigger companies are more of an organization that has the power. For example, X amount of shares belongs to an investment company, not an individual, so it is less likely that somebody can do whatever s/he wants within the company and no one notices or argues with them -- because they might risk the whole reputation of such a big company or drive it to a total disaster.

Also, for a mature company which is big enough to make a big business like that, stealing from their customers is more like a suicide plan than a smart idea to make some dollars. I still see many people who are afraid to go and search for a domain name online on the registrar's website because they believe that if the domain is really good, then the registrar company will register it before them and will ask them to pay thousands of bucks if they want that domain. If that's a small company then that might be true, but that's not the way GoDaddy or Name.com work, for example, but some people are still paranoid about that.

The other thing is: how can someone find your assets there? If you are a famous person or if you work at a well-known company, then it might be possible, but I'm still pretty sure that those companies do a lot to hire the right people, so nobody at GitHub will go and take a look at Jon Skeet's repositories, otherwise no one would trust GitHub anymore. However, if you're someone who's not famous and/or your company is not in the news, then it's very unlikely that someone by accident finds your assets and realizes that they are valuable and worth stealing and risking the rest of their life.

Imagine if somehow it leaks out that someone at Dropbox was blackmailing his ex-girlfriend because he had access to her account in the company. That's a serious thing and the consequences are extremely disastrous. So I assume there are lots of things inside a company like Dropbox to make sure such a thing will never happen -- from the hiring process to monitoring what they do. Same goes for other companies like GitHub, Amazon, PayPal, Google, Yahoo, etc.

I think there is some legitimacy to the concern, but at the same time, there are ways to safeguard against it.

On the legal side, clear legal terminology in the terms of service can make the host liable for any such theft.

On the technical side, client records could be encrypted to prevent offline access by the cloud provider. They could still alter their code to steal keys if they wanted to, but it would prevent random Joe Shmoe in IT from walking off with your data since it would require a user password to be able to decrypt the data if encryption is properly used.

Cloud services provide a lot of value when it is cheaper to have them handle it than to run it yourself, but you do give up control and need to make sure sufficient safeguards are in place to protect your business.

Licensed under: CC-BY-SA with attribution