We’d like to provide some information concerning a subject very dear to our hearts as technology enthusiasts– Cloud storage and its validity as a secure medium for storage. We’ve mentioned previously that several factors need to be weighed out in regards to considering a cloud situation due to the myriad of ‘unknowns’ regarding cloud security.
Let’s start with most recently, a very informative article published by Christian Toon this morning. Toon is the head of Information Security over at Iron Mountain Europe and explains his side of the coin over on that side of the pond regarding liability for any loss of information due to a security breach. One very important point he brings up involves one of our favorite topics– compliance. 38 percent of the 1,200 companies surveyed expressed concern about what is known as ‘data sovereignty’, or the legal\boundary restrictions given to specific pieces of data(like HR records). Most people tend to overlook the fact that data centres can move between facilities during event slike data migration and maintenance, or simply a good economy stimulating growth. Outsourcing data centres is a popular trend as of lately, increasing the risk for compliance issues for a vast majority of companies out there– food for thought.
Begin to factor in things like natural disasters than can affect accessibility to your data coupled with the persistent threat of security breaches and cyber attacks and you’re looking at the responsibility for your data falling in different directions.
In the case of Europe, EU law places accountability for lost or compromised data firmly in the hands of the owner, not the service provider. Of 51 data breaches at US business in 2010, the average costs associated with the breaches reached $7.2 million, or $214 per affected customer, according to the Ponemon Institute. Divided between any physical damage, work lost, hours needed to recoup and compliance violation fines, this can devastate the majority of small businesses in the states.
The United States statutes and laws concerning responsibility for security in the cloud heavily favors service providers in the case of Software-as-a-Service(SaaS) platforms and is shared equally in Infrastructure-as-a-Service(IaaS) applications between providers and the enterprise themselves.
Establishing baseline levels of security like firewalls and load balancing combined with security software for all devices on a network will relieve a bit of the pressure in this situation in the hopes of avoiding the eventual finger-pointing that follows a breach. Proper education and empowerment of enterprise users is the best guarantee of maintaining clean data being uploaded to your cloud, server or combination of the two. If you are currently in the process of pursuing a Cloud service provider, be sure to start a dialogue concerning how your data will be protected once it leaves your systems and enters their cloud. Encrypting data in the cloud is a possibility with some providers and should be explored in detail.
As the cloud grows in its inevitable popularity, make sure you understand the risks for you as an individual and as a business, and discuss your options with an IT professional in order to create the best structure for your needs.