Going up? Safety first, then send your data to the cloud
Blog Article Published: 03/28/2013
By: Joe Sturonas, CTO, PKWARE As the proliferation of data continues to plague businesses, the pressure is on for companies to migrate away from their physical data centers. Cloud computing is being adopted at a rapid rate because it addresses not only the costs for physical space, but also rising energy costs and mandates for more scalable IT services. Enterprises are drastically reducing their storage spend by using online storage solution providers to store massive amounts of data on third-party servers. The cloud is definitely calling, but even the most seasoned IT processionals debate, grapple and get a bit intimidated by an otherwise simple term that has taken the world by storm. Inevitable Risk Every minute of every day presents the opportunity for a data mishap. A security breach, as well as lost, stolen or even compromised records, triggers negative exposure that quickly equates to forfeited sales, legal fees, disclosure expenses and a host of remediation costs. The fallout can result in years of struggle to recoup reputation and repair a brand in the marketplace. Cloud providers do not want to be held liable for any issues related to your data loss. Best case, they will credit back your fees, but nothing can help a damaged reputation or customers who leave your organization when a data breach occurs. While the cloud environment seems be to a holy grail for trends around data proliferation and massive storage needs; clouds present complex security issues and put critical corporate data, intellectual property, customer information, and PII in potential jeopardy. Enterprises forfeit security and governance control when data is handed over and cloud providers do not assume responsibility. The recent cyber attacks by groups like Anonymous and data breaches like that of LinkedIn illustrate the need to incorporate an advanced risk and compliance plan that includes any third-party managed cloud environment. Clearly, the cloud often opens a Pandora's Box for unanticipated consequences. Storing huge amounts of data on third party servers may mean instant online access and lower costs; however, that data is often comingled on shared servers and exposed to users you don’t know. If your Cloud storage provider encrypts your data but holds the key, anyone working for that Cloud storage provider can gain access to your data. That means the potential of your data be shared, sold, marketed to and profiled for someone else’s gain. Data also has to actually “get to” the cloud, which usually means leaving your trusted infrastructure and overcoming compounded transfer vulnerabilities as data moves to and from the cloud. Even the most unintended data breach could cost a company its reputation. Potential Pitfalls Transfer vulnerabilities- The potential for data breaches is multiplied as data travels to and from the cloud using various networks especially in highly mobile and distributed workforces. Non-compliance penalties- Extended enterprises, partner networks and virtual machines are continuously scrutinized for compliance. All sensitive data must be protected with appropriate measures. Storage expense- Companies are charged by the amount of data that is put into the cloud; therefore providers lack motivation to compress that data. Any compression by providers is deemed unreliable since encrypted data cannot be compressed. Provider holds the keys- Cloud agreements can address how internal folks at the vendor will be managing your data. Provisions can limit administrative access and grant who has hiring and oversight over those privileged administrators. If the data that is housed in the Cloud is, in fact, encrypted then the issue becomes more about who maintains the keys. To summarize…
- Security breaches will happen even for the most vigilant that do not encrypt their data.
- Your company’s reputation is at stake.
- Security regulations are increasing.
- The Cloud introduces new levels of risk.
- Cloud providers have root access to all your unencrypted data in the cloud, and they are not your employees.