The ‘invention’ of the cloud has been a revelation to so many industries. Yet for many people (be they enterprise or private), they still do not have a full understanding of what the cloud is, never mind how to protect anything stored there.
Talk to someone who does not really use technology. And they just cannot grasp the concept, perhaps it is the word cloud that confuses things. “So all the data just kind of sits in the sky?” “It doesn’t actually go anywhere?”
However, let us put it into the basic language. Effectively, cloud storage is just another way of storing data on someone else’s server. But you can access it (generally) via an online service, making it accessible to you whether you are at home, work or the other side of the world.
Traditionally, most people use local storage, either on their machine or an office based server to store their data; this makes all security relatively easy to contain, even more so if that server has no direct connection to the outside world.
Even with a connection, numerous levels of security that can be implemented in the form of firewalls and the like.
Every company needs to have some sort of data policy in place, regardless of where you are in the world; there are legislation and compliance relating to data.
When that data is stored in-house, you know what procedures are in place. You know who can or can’t access that data. And you may have even overseen the implementation of procedures to protect that data. This all goes to give you a sense of security, to make you believe that your enterprise is doing all it can to be safe and compliant.
There are hundreds of ‘big name’ suppliers of cloud storage solutions; the general perception is that they will look after our data with rigorous standards and security measures, that being as large as they are, and there is no possible way that they would let a data breach happen.
However, is there an issue of them being complacent with our data? Alternatively, that because they are so large, we view them as too big to fail?
Firstly, it is not really about how they protect the data, but the transference of that data could that data be intercepted before it actually reaches the storage. Any cloud service provider is only as strong as the weakest link, be that as an overall company or a department within a company, perhaps even an individual within a department.
We must also consider that many of the data compliance regulations were written before cloud computing really took hold, therefore they may not be that relevant; as a company that has data protection procedures in place, do you regularly update the certification or procedures as you change your business model?
What can you do?
You can install SSL certificate for providing security of your data over cloud-based service. The first thing being to investigate the security measures of any service provider that you use; do not just assume that they fit with all compliance or legislation. A report from the firm Enterprise Management Association in May 2016, says that 47% of security personnel just trust their provider to meet security legislation without any further investigation.
This effectively means that they have taken on a service and just expect it to be right, however, in the eyes of the legislators, ignorance is no defense.
If there was a data breach or compliance issue, they could not just claim that the work had been outsourced, the company outsourcing would still be liable.
Introduce a calendar of events, the purpose of which is to review regularly the service providers, their security arrangements and the procedures and protocols when dealing with that service provider. Ensure that your employees understand not just their responsibilities, but that of the cloud service provider also and how they fit within your enterprise.
You should also look carefully into the service agreement with any cloud hosting service. We all know the term data mining, and what that incorporates, but when you’re storing sensitive data with a provider, you expect your data to be safe and more importantly, private.
Know about Right to Protect Yourself. However, it seems that some cloud providers are reviewing certain data sets that are being stored and then using that data either for their own development or worse still, for their own gain and selling that data onwards (with mediation). Copyright and Intellectual Property can be at risk, and unless you take proactive measures when looking for a host, you may not know, and you may not have any rights to protect yourself from that once any agreement has been signed.
You choose to integrate cloud services within your enterprise; there is little doubt that they can make significant improvements for your business, but only when managed correctly. It is the same as any other service; you would not just purchase a service without understanding more about it, and you cannot rely on the service provider to make sure your data and storage solution is compliant with local or relative legislation you must do that.
Cost-effective services are also offered as a cloud-based solution. It isn’t just about data storage, again, though, ensure that these services fit within your organization and procedures. Using a cloud-based SaaS provider is a great way to becoming more efficient and saving money. But only if that service works well for your business, don’t leave yourself open to compliance issues.
This article is written by Gunjan Tripathi. He is currently associated with Cheap SSL Shop, an SSL certificate provider. He is passionate about Cyber Security issues. Gunjan writes articles for creating awareness about Cloud Security. Data protection, SSL certificates, Malware, Phishing, etc. Follow him: Facebook | Twitter | Google+ | LinkedIn.