Despite cloud, other online advances, data security needs haven’t changed

Consumers should demand trustworthy, safe storage for personal information

 

When Globalscape got started more than 20 years ago, the internet was in its infancy and the obstacles to making it reliable for commerce were obvious and comparatively simple.

Back then, organizations needed a way to securely transfer files up into this thing called the World Wide Web. So Globalscape pioneered a personal file sharing tool, called CuteFTP, and developed that service into a global business helping 13,000 companies in 150 countries routinely carry out secure data transfers.


I visited with Gregory Hoffer, vice president of engineering at Globalscape, to discuss how the fundamental challenge of reliably and securely moving data within a company and across the internet hasn’t changed all that much. What has changed, of course, are the layers of complexities introduced by the now pervasive use of cloud processing and storage services like Amazon EC2, Google Cloud and Microsoft Azure. A few takeaways:

Blessing or curse? Renting processing power and cloud storage from Amazon or Google or Microsoft has become routine. Cloud services are highly reliable and terrifically functional. But they raise a host of security issues: Who else might have access to a company’s cloud-stored data? Who, exactly, gets to keep copies? Should everything sent into the cloud be encrypted? Who needs to be responsible for encryption and, more crucially, key management? These are some of the potential curses—issues that can heighten risk.

Getting a handle on risk. Any company thinking about using a public cloud service should first go through an exercise of assigning gradients of risk to the types of data earmarked for the cloud, Hoffer says. For a hospital, payroll data is less risky than patient data, for instance.

Only then can a company expect to make wise choices.

“There’s a lot of rich infrastructure components that are slightly more technically challenging—key management, data-at-rest encryption, et cetera,” Hoffer says. “You’ll need to take those into account and be aware that they exist, but it really comes down to using them appropriately to maintain the highest levels of security.”

Consumers may be a wild card. Should consumers care about how a company uses cloud services to handle personal data? Yes! Whether it’s a hospital stay or an Uber ride to the movies, consumers’ behavioral pattern data is being collected at an unprecedented level, and much of it is being stored in the public cloud. Cyber criminals are aware of this, and so are government surveillance agencies. And they are not just sitting on their hands.

It is not only fair, but smart, for consumers to begin to demand that private industry and the government establish a societal standard for safe storage of personal and behavior data in the cloud. “Society, and industry, needs to really pursue what are the right regulations, what are the right licenses and user policies, and what remediation needs to be in place,” Hoffer says. “This is an area where we’re still learning how to cope. Consumers should certainly expect a certain level of privacy and security. But always check to make sure that you’re not relinquishing information you don’t want to; check data security standards and make sure you buy only from reputable vendors.”

For a deeper drill down, please listen to the accompanying podcast.
