Be selective about what data you store and access from the cloud
Caution and awareness are important factors for mitigating security threats
By Thomas Boyden, Special to ThirdCertainty
Businesses are racing to expand their use of the cloud. The market for cloud services topped $100 billion in 2012 and is expected to surge to nearly $300 billion by 2020.
Cloud computing has numerous advantages. Companies can slash internal IT costs, and are looking to reduce data loss and service interruptions that accompany cyber attacks.
But caution is warranted.
Using the cloud means, in part, surrendering your organization’s data security. Even if your organization invests heavily in state-of-the-art cyber defenses and maintains an all-star staff of technology experts, none of that security transfers over to the data you send to the cloud. After an upload, your organization becomes wholly dependent upon the security protocols of outsiders.
Cloud data centers are magnets for malicious actors. Maintaining cloud servers is expensive and resource intensive, so naturally a few large companies own most of the market’s infrastructure. This leads to large concentrations of servers with pools of data. If security at one of these facilities were breached, a hacker would be well-positioned to either steal troves of data for sale in black markets, or worse, to spread malicious software. Once in the cloud, spyware, Trojans, and botnets could quickly filter throughout the networks of anyone accessing data from the infected server.
Free resource: Planning ahead to reduce breach expenses
Over-reliance on cloud services could paralyze businesses during service interruptions. Even well-maintained cloud servers are vulnerable to the occasional power failure or cyber attack. In the event something does crash or compromise a company’s remote servers, all data or services accessed from it—from financial records to routine office applications—could simply be wiped out, perhaps forever.
Data stored on cloud servers is more vulnerable to government seizure than privately held data. Given moves toward data localization around the world, and increased data surveillance by governments in the name of national security, the privacy of data stored on servers can’t be guaranteed. Depending on which service provider you use and where, any sensitive or confidential information your organization stores on the cloud may be subject to the seizure of a friendly or hostile government at any time, leaving you little recourse. In the case of countries like China and Russia, with long histories of the state assisting espionage in domestic industries, this could severely impact a firm’s competitiveness and bottom line.
Best practices for security in the cloud
Being aware of these dangers and following a few simple measures can help mitigate threats.
• Conduct thorough due diligence on the cloud server manager you have in mind before you sign an agreement. In short, if their security protocols aren’t at least as good as yours, then require them to modify their systems or consider going with someone else.
• Be selective in what data you access from the cloud. Anything even remotely sensitive or confidential is best stored locally or, at the very least, stored on servers with verified security.
• Be aware of which server you send certain data to. There is a complex matrix of national and international legal codes regulating government access to private data stored on cloud servers. Obviously the government of the territory on whose soil the server sits will have legal means to access data stored there if it needs to. Less known, however, is that governments also can compel their domestic companies to surrender data maintained in foreign servers by their overseas subsidiaries. If there are certain entities or jurisdictions you wish to avoid, review the laws governing your server in question and choose appropriately.
More stories on cloud security:
Startup Soha wants to simplify, improve cloud security
6 tips to avoid a cloud security horror story
Bitglass embeds encryption security in a private cloud