Information portability and user mobility has become an integral part of life and the modern workplace. Just as important, is the portability of the hardware it’s accessed on. While smartphones are getting smaller and smarter, the sheer amount of information users want to access is growing exponentially.
Enter the cloud.
Cloud computing is not a brand new concept (one can hardly watch an hour of television without some commercial referencing the cloud), but it’s also not a fad technology. Used properly, the cloud can solve data portability and performance issues, all without increasing security concerns.
Because the cloud enables users to access information from any web-enabled mobile device or wherever a data connection exists, it is the ideal tool for accessing multi-user data stores. The externally-based storage that the cloud provides means devices with limited memory can save local memory for more robust and memory-intensive applications. Another important benefit is that there is a much smaller risk of losing data by having it stored exclusively on hardware that is designed to be taken out into the world. The amount of data that can be stored in the cloud is entirely unrelated to the limitations of mobile devices; you can easily upgrade your database or file servers without any upgrades to your work-force’s smartphones. Choosing to store data on a cloud also means that developers can focus their resources on the application itself, and not have to worry about complicated memory-saving routines, saving hours (and dollars) in a development life-cycle.
These benefits make for great reading to an IT Director, but their impact is felt and matters well outside the confines of the IT department. Using a cloud system along with mobile technology can make an entire workforce mobile – managers can orchestrate work-flow and resources, salespeople can access the CRM and billing systems, technicians can access job systems and tech specs, designers can contribute and collaborate on creative projects, and all of these things happen from wherever the person happens to be.
Of course, all of that data floating around in the seemingly-uncontrolled ether is frightening to some people, especially in the wake of several well-documented data thefts from companies like Sony. The cloud is not, by itself, a security concern though. Poor implementation of security measures, however, can be a real issue, and that’s why informed decisions need to be made at the beginning of a project.
Cloud security doesn’t just begin and end with secure data. User activity should be controlled through a device ID which adds an additional security layer. An individual user’s credentials are linked to the mobile device they use via a device ID (similar to a MAC address on a network). Implementing this security layer means that you can be more comfortable that the person who is accessing the cloud truly is the person to whom those credentials are assigned. You have the flexibility to allow credentials to be used only on certain devices, or even only from certain regions.
It is even more important than in traditional client/server models, that data should be stored on the cloud servers in an encrypted format. The NSA (National Security Agency) endorses the AES methodology (and in fact, it is the first publicly accessible and open cipher approved for top secret information). The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide.
Ultimately, the cloud is here and here to stay. It’s important that businesses creating mobile applications take advantage of the unrestricted mobility that it grants, but it is just as important that they make careful security decisions at the outset.