Home / Blogs

Overcoming Cloud Storage Security Concerns: 7 Key Steps

According to a 2013 TwinStrata survey, 46 percent of organizations use cloud storage services and 38 percent plan to adopt this technology in the near future. Cloud storage capacity demands are increasing 40 to 60 percent year-over-year, while storage density lags behind at 20 percent. The result? More data, growing demands for space and increasing security concerns. How do enterprises overcome cloud storage security challenges?

Get Physical

In 2014 companies need to focus on the physical location of cloud servers in addition to virtual security controls, argues an April 22 article from Tech Radar. In part, this plays into the emerging idea of “data nationalism,” which ideally protects information stored by a business within the borders of its own country. In other words, cloud security threats don’t always come from malicious actors but may also come from governments; local servers are perceived to offer increased protection.

No Knowledge, No Problems

An emerging cloud storage trend is “zero knowledge.” Here, storage vendors encrypt company data and then hand over the keys, meaning only authorized personnel have access and there’s no way for service providers to “snoop” on corporate data movement in the cloud. This is especially critical for companies looking to store large volumes of personally identifiable information (PII) such as names, birthdates or Social Security numbers.

Know Your Vendor

As a recent Network World piece points out, however, it is possible for vendors to spoof access credentials when data is transferred across the cloud, giving them unsupervised access to data. While the research team from John Hopkins University that discovered this flaw found no evidence of any storage vendors exploiting it for their own purposes, it raises an excellent point: Companies need to know who’s storing their data, where, and what kind of reputation the vendor has in the cloud storage market.

Consider Your Contract

Keeping data secure in the cloud also means taking the time to thoroughly vet any service level agreement (SLA). Start by looking for penalty clauses; what happens if the provider fails to keep data secure, loses data or doesn’t provide agreed-upon uptime?

In addition, ask specific questions about data backup, disaster recovery and the storage facility itself. As Computer World notes, cloud storage is new enough to market that no hard-and-fast industry standards exist—as a result, some providers try to get by on strong language but no real substance.

Split Stacks

To keep data secure in the cloud, there’s nothing wrong with splitting stacks. Search Cloud Storage recommends leaving mission-critical apps on local servers, but it’s also worth expanding this concept and considering multiple vendors. For archival information, a low-cost, basic security provider may do the job, but for data used every day, look for a high efficiency, zero-knowledge alternative. Done right, split stacks can net cost savings without security compromise.

Embrace Encryption

Always encrypt. If your provider doesn’t offer cloud-level encryption, make sure everything sent from local computers to the cloud runs through a software archiver before leaving. There are a number of open-source tools available, such as TrueCrypt, which offer multiple encryption algorithms.

Educate End Users

Sometimes it’s not cloud storage vendors who pose risks to company data. For example, employees downloading files from corporate networks to personal clouds can accidentally introduce the potential for malicious action. As a result, it’s critical to develop a set of best use practices and employee expectations.

Reduced storage overhead? Increased availability and ease of access? Cloud storage offers a host of benefits—so long as security challenges are met head-on.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By David Eisner, President & CEO at Dataprise, Inc

He founded Dataprise in 1995 and has led its growth from tiny start-up to recognized leader in providing managed IT services to small and medium-size businesses.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign