Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud


Ahead in the Cloud: Remaining secure with cloud computing

Date: Aug 28, 2013

Category: Blog

Guest post: Egress.

Championed as a revolution in computing solutions, Cloud offers benefits for organisations across all sectors; however, IT heads need to be switched on to the security issues around storing and accessing data in the Cloud.

Bringing the Cloud closer to home

The term ‘cloud computing’ is somewhat deceptive. Not only does stored data reside in servers based very firmly on the ground, but the phrase is also reminiscent of fluffy balls of cotton wool floating innocently overhead. Through its very name, therefore, Cloud creates distance between organisations and their data – a false sense of security that a user’s responsibility is removed purely because data isn’t being stored on their premises.

The reality, however, is somewhat different.

In a survey carried out by PricewaterhouseCoopers, only just over half of European businesses recognised data security as a major risk of cloud computing, raising the question of how well-informed organisations are about the potential threats of using Cloud.

The Cloud Security Alliance (CSA), meanwhile, has identified the ‘Notorious Nine’ threats posed by cloud computing in 2013. Headlining this list are:

* Data breaches
* Data loss
* Account or service hijacking

Information stored in the cloud is just as susceptible to data breaches – whether malicious or caused by human error – as that stored in on-premises servers. Information storage firm Evernote is one recent example of a malicious data breach affecting users’ personal information. Although the California-based company insists that there’s no evidence to suggest that payment details or content were breached, user names, email addresses and encrypted passwords were – causing untold concern to users and reputational damage to Evernote.

Human error, meanwhile, often occurs when using Cloud to share data with others. A lack of verification processes, for example, can lead to unintended recipients being able to access information. In addition, human error can cause data breaches through inadequate control over whether a recipient can share information, either electronically or in hard copy. The ability to restrict or revoke access is invaluable when sharing highly sensitive data, stopping users from forwarding, printing or even accessing information, as required.

So, how can Cloud data breaches be prevented?

It all hinges on knowing what legislation can be applied to your data. One aspect of this is the idea of ‘data residency’: where your data is stored and what jurisdiction it subsequently falls under. Secondly, be aware of the limits of this legislation – the US Patriot Act, for example, is not only applicable to data stored in the States, but also to organisations with a parent company located in the US and those using American subsidiaries for data processing.

Before procuring Cloud services, therefore, read up on any laws that your data or company might fall under. The recent revelations from the US involving the scale of the NSA’s programme of data surveillance and use of the Patriot Act in order to obtain information have demonstrated why this is so important.

Next, decide on what information will reside in the Cloud and how secure it needs to be. Ensure that you have the correct level of access control – for example, data in the Cloud can be encrypted, so as long as users remember passwords and other authentication means, the data will be secure.

When sharing data using Cloud-based services, meanwhile, it’s important to maintain control. Some solutions will only secure data in transit; however, more sophisticated encryption services can ensure that it is only accessed by the intended recipient and offer full control over what they can do with it.
