How Safe is Cloud Storage?
In the not-so-distant past, we considered the
possibility of moving our data stores into the cloud. The reason was two-fold: not only would it cost less,
but we would also spend less time managing it ourselves. It sounded like
a good idea, but ultimately, we abandoned the idea because cloud storage was
deemed too risky for our liking.
There were just too many implications created
by having a third-party hosting our protected and confidential data.
Implications brought about by troubling questions that no one could answer to
our satisfaction. For instance, if a security breach were to occur, who would
be responsible and how much of a guarantee could the provider give us that our
data would be safe from prying eyes?
As more and more companies look to the cloud
for their data storage needs, these same questions are being asked over and
over again. Now, with new hacking and theft incidents on some of the largest
players being reported on a weekly basis, everyone is taking a step back and
re-evaluating their risk tolerance. If you can relate, then read on to find out
where we stand right now on the issue of cyber-security and who you should trust
with your sensitive data.
Risks vs. Rewards
For many businesses, the lure of cloud computing is hard to resist. Its
many benefits include instantaneous 24/7 access to data, anywhere the Internet
is accessible, scalable – practically unlimited – storage capacity, improved
collaboration, and the cost benefits associated with the elimination of a data
center IT team required to manage it.
As tempting as these niceties may sound, one
must consider all of the potential risks that come along with them. The one at
the forefront of the industry's collective consciousness right now is cyber
theft. It seems that every time we turn on the TV to watch the news, the
anchorman/woman tells us that we had better change our passwords because of the
new vulnerability and/or hacking incident. That's an annoying occurrence to be
sure, but what happens to personal information that is stolen, such as credit or
debit card account details, or social security numbers? Remember when hackers
managed to get their hands on 40 million credit and debit cards belonging to
Target shoppers who bought merchandise in its stores between Nov. 27 and Dec.
15, 2013? The compromised cards wound up being marketed online along with
information on the state, city and ZIP code of the Target store where they were
used. That allowed them to be used illegally longer without raising the usual
alarm bells that would go off due to activity being registered outside of the
genuine account holder’s geographic location.
Cyber Attacks, Security Breaches and WikiLeaks
Almost as prevalent as cyber attacks,
security breaches from the inside are steadily garnering more and more
headlines as well. Edward Snowden is the
former NSA contractor behind one of the biggest leaks of classified
intelligence in American history. According to Snowden, his motive for leaking
the documents was "to inform the public as to that which is done in their
name and that which is done against them." Those words bear a strong
resemblance to those of WikiLeaks founder Julian Assange, who also
sought to expose government and corporate wrongdoing through "ethical
hacking". Some may argue that their hearts were in the right place, but in
airing the dirty laundry of the powers-that-be, there is inevitably collateral
damage. In the case of WikiLeaks, government agents were put in harm's way as a
result of being named in the leaked documents. The ramifications are that you
and the company you work for may be in jeopardy just by virtue of being
documented somewhere that you have no control over.
Other groups or individuals may be less
interested in leaking the data but focused on the partial or total destruction
of the cloud facilities of a particular company.
Once an incident has occurred, in its
aftermath, lawsuits are inevitably filed by or against you. At that point
you've not only lost data as well as your customers' trust, but now your
finances are going to be hit hard.
How to Protect Yourself
Once you've entrusted your data to a third
party, its safety is pretty much in that provider's hands. Therefore, your best
defense is to be diligent in assessing potential data storage and service
providers.
Encryption is Essential
Since the earliest days of data protection,
when Julius Caesar used a substitution cipher to protect his private
correspondence, encryption has played a key role in keeping data contents
unintelligible to all but those who knew how to unlock it. Today, encryption is
an essential component of any data security and management strategy. Luckily,
finding a data hosting service that utilizes encryption is easy; even those who
cater to the general public – such as Dropbox and Google Drive – employ
encryption.
Some companies go even further by promising
"100% private" cloud storage. An extra level of privacy is achieved
by adopting a zero knowledge policy whereby even the folder and file names are
stored as meaningless strings of obfuscated text.
Companies who want to go even further can
seek out cloud services that don't store passwords anywhere on their servers.
That would essentially force a data thief to break the encryption algorithm – a
herculean task that, while not impossible, could take a very long time to
accomplish. The price for the added security is that if a client of the service
(that's you) ever forgets his or her login credentials, the onus to break the
encryption algorithm falls on you because that’s the only way that you’ll ever
retrieve your data.
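As an added illustration (not code from the original post or from any provider it mentions), the Python sketch below shows the zero-knowledge arrangement described above: keys are derived from the password on the client, and the provider stores only a salt, an encrypted file name and encrypted contents. The function names, record layout and iteration count are assumptions of this example, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def derive_keys(password: str, salt: bytes):
    """Runs on the client only: the password and keys are never sent to the provider."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]          # (encryption key, MAC key)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a vetted AEAD (assumption of this example).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(keys, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob: bytes) -> bytes:
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def upload(password: str, name: str, content: bytes) -> dict:
    """Build the record the provider stores: no password, no readable file name."""
    salt = os.urandom(16)
    keys = derive_keys(password, salt)
    return {"salt": salt.hex(),
            "name": seal(keys, name.encode()).hex(),
            "blob": seal(keys, content).hex()}

def download(password: str, record: dict):
    """Re-derive the keys from the password; a forgotten password means no recovery."""
    keys = derive_keys(password, bytes.fromhex(record["salt"]))
    name = unseal(keys, bytes.fromhex(record["name"])).decode()
    return name, unseal(keys, bytes.fromhex(record["blob"]))

if __name__ == "__main__":
    # Constructed sample data, not taken from the post.
    rec = upload("correct horse battery staple", "payroll-2024.xlsx", b"constructed sample")
    print(rec)                                   # everything the provider ever sees
    print(download("correct horse battery staple", rec))
```

Because the record holds nothing derived from the password except ciphertext and authentication tags, a download attempt with the wrong password fails the tag check instead of returning data.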
Finding a Balance
Information security, whether within your own
organization or in the cloud, has always been about finding a balance between
ease of access and information sharing versus data which is completely locked
down and virtually inaccessible to anyone. In this post-9/11 world, it's become
painfully apparent that the more you have of one, the less you have of the
other.
For more information, please visit: www.programmingyan.com