How Secure Is the Cloud? Will It Rain Personal Information Everywhere?
Businesses want to believe in Cloud computing. For those who decide to use the Cloud, the benefits are overwhelming. As modern businesses farm out such overhead activities as human resources and accounting, they must still deal with their IT requirements. Thanks to Cloud computing, businesses can also delegate computing activities, which allows them to concentrate on their core competencies.
Public Perception of Data Security
Unfortunately, everyday media does little to encourage confidence in the Cloud. Each day, stories tell of hacker attacks and compromised data. Business managers are even bombarded at home. An identity protection company estimates that 15 million U.S. citizens have suffered some form of identity theft this past year. This constitutes almost 7% of all adults. Without the proper knowledge of the Cloud and its safety, it is no wonder that many hesitate to take advantage of Cloud computing.
Can Companies Afford to Batten Down the Hatches?
Less than 30 years ago, security personnel would be astounded at the concept of the Internet. In his book “Startup: A Silicon Valley Adventure,” Jerry Kaplan, the inventor of the pre-Microsoft tablet from GO Corporation, explains how he had to block corporate thieves from gaining access to his new technology. After several bold attempts, one desperate thief even entered the GO offices through the space above the ceiling tiles. What would Kaplan think about how modern companies now broadcast their sensitive data through the Internet?
However, modern companies can rarely afford to completely sequester sensitive company data on the premises. While early businesses were located near rivers or railroad tracks to maintain supply lines, modern businesses have few geographic constraints. This allows them to maintain headquarters in one location while still providing services to any other location. International concerns must be able to operate from the center of Silicon Valley to the remote regions of China. Companies cannot ignore the Cloud and lose the competitive advantage it offers as they disseminate their data worldwide.
RELATED: NTTA To Unveil White Paper on Network Security
Risk Assessment – How Big of a Lock Do You Need?
In spite of the utility of Cloud computing, some data will never reach an Internet portal. For example, it is unlikely that the Pentagon stores their NOC list on the Cloud. However, companies can grant levels of access to each type of company data based on a risk assessment. This assessment is based on the following components:
-
Asset – companies analyze the value of each data class. This includes the contribution to the revenue stream, the advantage over competitors, and the relationship to the company’s public image. For instance, an online bookseller may apply this analysis to their customer credit information. They realize that a speedy checkout may be one of their selling points and competitive advantages. They also understand that compromising that data would cast a negative perception on their checkout process, and potentially on the company itself.
-
Threat – firms determine how attractive their data is to potential thieves. Is a bookseller’s customer list attractive to competitors? Would it present an attractive challenge to hackers?
-
Vulnerability assessment – how hard is it for a motivated person to obtain sensitive data? A bookseller may hesitate when storing customer data on the Cloud in order to keep their valuable data within their own control. This is the time for a business manager to thoroughly research the security of the Cloud. With this information, the managers can decide how big a lock is necessary. In other words, they can design the proper data protection strategy and the depth of measures they must implement.
RELATED: IaaS, PaaS and SaaS Explained
Birds Do It, Bees Do It …
As the song goes, even “educated fleas” fall in love with distributed computing. Most business managers have a successful experience with Cloud computing nearly every day … when they visit their ATM. This is a superb example of highly sensitive information being distributed to a tremendous number of terminals. Utilizing the cloud, banks trust their operations to a secure, distributed system.
The Market for Security Information
As managers research data security, they learn that there is a burgeoning market for information. IT magazines dedicate large sections to security technology. Business journals outline the essential steps for designing a secure information infrastructure. Contractors can perform security audits on a data-intensive firm. Business managers can take advantage of this proliferation of knowledge to educate themselves on the kind of security they need for their particular company.
How Does the Cloud Affect the Level of Security?
If a company already transmits secure information over a network as banks do with an ATM, then the Cloud simply adds a virtualization layer that must be secured. Security analysts often split security issues into those attributed to the Cloud data center and others associated with the client company. Interestingly, the virtual layer is rarely attacked. The main concern with the provider is a breach at the administrator workstation that can cause the datacenter to fail, or to allow a hacker to reconfigure the data center. Often, the first line of defense is a tightening of measures on the client side. This can include using strong passwords or increasing authentication strategies.
RELATED: Managing Multilingual Documents
Specific Strategies: Data Sharing and Obfuscation
A data sharing strategy leaves thieves without a definitive point of attack. Multi-tenant applications such as popular mobile apps use the same execution code for every user. By contrast, the specific user information is spread out among all the participating devices. There is no single point of access. Data centers use this strategy by spreading and replicating sensitive data among various facilities throughout the world.
This process is called sharding, and forms the basis of data obfuscation. In a way, it is like taking a sensitive document, sending it through a shredder, and scattering the pieces. Only the legitimate document recipient has the proper “unshredder” to gather the individual pieces and reassemble them into a coherent whole.
Future Issues
In the coming years, users’ trust in the Cloud may depend on the role of government regulations. As business owners try to balance the legitimate dissemination of data with its exposure to hackers, they find government imposing “Cloud requirements” that often work outside a firm understanding of the Cloud. Business managers who have embraced the Cloud may find they must influence governmental regulation in the same way they instill a proper perception among the public.
Meet the Secure Cloud
Whether you are just beginning your education into security technology for the Cloud or are ready to implement a solution, we at Hanei Marketing are ready to help. We want you to have confidence in your distributed operations. Contact us to find how we can offer secure Cloud computing for your company.
Top image ©GL Stock Images