Where There Are Clouds, There Could Be Rain

The cloud has become increasingly popular as the default way of managing many global business applications through its simplicity and cost effectiveness. As a result an increasing volume of data is stored there. Cloud storage and transfer services are therefore becoming more and more popular as the cloud heads towards the default method of providing services

The cloud offers many advantages. For example: not needing to worry about infrastructure and 24/7 availability. The cloud could also be said to take care of backup… or does it?

The cloud offers significant business advantages, particularly by reducing overheads and costs, as well as, the need for fewer infrastructures. In theory, it also takes care of your data backup, as mentioned previously. However do you really want to leave the backup of your valuable data down to your provider? That is perhaps a question that we should leave to other experts?

I’d like to talk about other key security issues for those of us who already use or are considering the use of cloud.

Today it is possible to prevent cloud service providers access, by blocking them from the internal network. However, preventing access does not mean that the user will not use alternative methods of cloud storage in uncontrolled environments, such as home or public networks, using various browser Apps. To achieve true safety, an endpoint solution is required to prevent access. As we progress and more and more cloud services are used to store, exchange and analyze data, it will become even more difficult to prevent users from using the many cloud transfer services available, which are quick, easy and cheap to use. The need and availability will eventually overcome the more cautious approach to cloud that many businesses have at present

It is clearly becoming crucial to have a cloud security strategy. Cloud storage providers already use encrypting techniques for data-in-motion and data-at-rest, but just like backups: is it really sensible to rely only on your supplier to protect your sensitive data? How important is that data stored in the cloud? Could losing this data, or malicious insiders or outsiders having access put your company at risk? This begs the question: can you really rely only on the cloud?

One approach for a well-designed cloud data security strategy is to separate the data from the encryption keys.

The idea is quite simple. Data in the cloud becomes encrypted with a cryptographic secret that is not known by the storage provider. The cryptographic keys only belong to the owner of the data… You! The cloud has your data, but it does not have the encryption keys. The encryption keys alone, even if they are also stored in the cloud by another service provider, do not have access to the physical data.

By separating the data and the keys, only the owner of both is able to access the content.

This process makes it impossible for anyone else besides the ‘owner’ from accessing the sensitive content, making your data secure. A simple solution to what could be a complex threat.

Today there are solutions available that allow data in the cloud to be secure, but as the volume of data and the types and numbers of services expand, it will become more and more important to secure data while it is being transmitted, often from one service to another.

Previous Post
Negligence or Human Error – Primary Cause of a Data Breach
Next Post
Using the Key to Unlock Your Cloud Encryption Strategy

Related Posts

A new year, same mistakes

It’s 2013 and everything old is new again. It’s 10 days into the year and so far we’ve heard about at least two key data thefts and a summary penalty for exposing personal health info in the U.S. (more…)
Read more

6 Best Practices for Secure Health Information

Holistic, comprehensive security strategies, centered on protecting data, not devices, are easier than ever thanks to current encryption technology. According to a recent Ponemon Institute study, over the last five years healthcare organizations have slowly increased their investment in data…
Read more

Think Safety, Stay Secure

Safety is one of the most important aspects today – for people, for organizations, for governments and for countries. There is a lot of talk around the safety of people in general and data, which is critical to businesses. (more…)

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 15 seconds