It's Coming from Inside the House!
Oct 8, 2009
When people raise questions of data protection in clouds, I've often noted the ample research available on internal versus external threats—as tabulated, for example, by the GAO in that agency's analysis of sources of vulnerability in U.S. government IT (figure at right). This is explored in more detail by a white paper available by link from one of my earlier blog posts.
If you're not segregating duties, if you're not auditing the access privileges that you grant with reference to the processes you want to enable, then it's really quite irrelevant where the information is being stored.
Expanding on this key understanding, a new report from InformationWeek's Dark Reading site now puts the situation in even plainer terms with the headline "Databases' Most Serious Vulnerability: Authorized Users."
"There are five common factors," says the summary of the report on the Dark Reading site, "that lead to the compromise of database information":
- ignorance
- poor password management
- rampant account sharing
- unfettered access to data
- excessive portability of data
Many of these sources of risk are directly and dramatically reduced by practices that are easier to implement in cloud services than they are in traditional client-server environments. Salesforce.com systems are excellent examples.
For example, every individual salesforce.com subscriber is associated with a unique set of login credentials, which even the administrator has no direct way of knowing: a password reset operation sends required information and activation links directly to the subscriber, meaning that any actions to access or modify data can be unambiguously associated with a specific person. Access to information can be controlled with unsurpassed precision.
Excessive portability of data is another important source of risk to consider. The path of least resistance in client-server settings is for data to expand to fill the space available: to wind up downloaded onto desktops, backed up onto thumb drives, attached to emails, and in general copied in too many places and shared via too many unsecured and ungovernable channels.
In a Force.com environment, it's far more natural for people to share links to shared content libraries, rather than making N (or multi-N) copies of the data for N users. This library model makes it far more likely that updates, redactions, or altered access policies will have the desired (or even mandated) effect of making sure that people only see what's correct—and also, not insignificantly, what's genuinely needed to do their jobs.
"Experts say that many users who work with databases simply don't understand the sensitivity—or the value—of the data they work with, and therefore become casual in their security practices," warns the Dark Reading summary. That's not going to change any time soon, and not without incurring expenses that most organizations don't want to face.
At least we can build applications in an environment that makes insecure behavior less convenient than disciplined data management.

Great post. Having worked as an information assurance consultant for the federal government for the past 4 years, I absolutely agree that access control management and data portability are some of the biggest security challenges organizations face. The "cloud" is a great solution to these challenges. However, it will take time before federal regulations and standards enable widespread federal adoption of public cloud services.
Posted by: Tim P | November 02, 2009 at 11:22 PM