Be selective about what data you store and access from the cloud

Caution and awareness are important factors for mitigating security threats

[Ed. note: Global Risk Advisors, Thomas Boyden]

Businesses are racing to expand their use of the cloud. The market for cloud services topped $100 billion in 2012 and is expected to surge to nearly $300 billion by 2020.

Cloud computing has numerous advantages. Companies can slash internal IT costs, and are looking to reduce data loss and service interruptions that accompany cyber attacks.

But caution is warranted.

Using the cloud means, in part, surrendering your organization’s data security. Even if your organization invests heavily in state-of-the-art cyber defenses and maintains an all-star staff of technology experts, none of that security transfers over to the data you send to the cloud. After an upload, your organization becomes wholly dependent upon the security protocols of outsiders.

Cloud data centers are magnets for malicious actors. Maintaining cloud servers is expensive and resource intensive, so naturally a few large companies own most of the market’s infrastructure. This leads to large concentrations of servers with pools of data. If security at one of these facilities were breached, a hacker would be well-positioned to either steal troves of data for sale in black markets, or worse, to spread malicious software. Once in the cloud, spyware, Trojans, and botnets could quickly filter throughout the networks of anyone accessing data from the infected server.

Over-reliance on cloud services could paralyze businesses during service interruptions. Even well-maintained cloud servers are vulnerable to the occasional power failure or cyber attack. In the event something does crash or compromise a company’s remote servers, all data or services accessed from it—from financial records to routine office applications—could simply be wiped out, perhaps forever.

Data stored on cloud servers is more vulnerable to government seizure than privately held data. Given moves toward data localization around the world, and increased data surveillance by governments in the name of national security, the privacy of data stored on servers can’t be guaranteed. Depending on which service provider you use and where, any sensitive or confidential information your organization stores on the cloud may be subject to the seizure of a friendly or hostile government at any time, leaving you little recourse. In the case of countries like China and Russia, with long histories of the state assisting espionage in domestic industries, this could severely impact a firm’s competitiveness and bottom line.

Best practices for security in the cloud

Being aware of these dangers and following a few simple measures can help mitigate threats.

Conduct thorough due diligence on the cloud server manager you have in mind before you sign an agreement. In short, if their security protocols aren’t at least as good as yours, then require them to modify their systems or consider going with someone else.

Be selective in what data you access from the cloud. Anything even remotely sensitive or confidential is best stored locally or, at the very least, stored on servers with verified security.

Be aware of which server you send certain data to. There is a complex matrix of national and international legal codes regulating government access to private data stored on cloud servers. Obviously the government of the territory on whose soil the server sits will have legal means to access data stored there if it needs to. Less known, however, is that governments also can compel their domestic companies to surrender data maintained in foreign servers by their overseas subsidiaries. If there are certain entities or jurisdictions you wish to avoid, review the laws governing your server in question and choose appropriately.
