|
According to a 2013 TwinStrata survey, 46 percent of organizations use cloud storage services and 38 percent plan to adopt this technology in the near future. Cloud storage capacity demands are increasing 40 to 60 percent year-over-year, while storage density lags behind at 20 percent. The result? More data, growing demands for space and increasing security concerns. How do enterprises overcome cloud storage security challenges?
Get Physical
In 2014 companies need to focus on the physical location of cloud servers in addition to virtual security controls, argues an April 22 article from Tech Radar. In part, this plays into the emerging idea of “data nationalism,” which ideally protects information stored by a business within the borders of its own country. In other words, cloud security threats don’t always come from malicious actors but may also come from governments; local servers are perceived to offer increased protection.
No Knowledge, No Problems
An emerging cloud storage trend is “zero knowledge.” Here, storage vendors encrypt company data and then hand over the keys, meaning only authorized personnel have access and there’s no way for service providers to “snoop” on corporate data movement in the cloud. This is especially critical for companies looking to store large volumes of personally identifiable information (PII) such as names, birthdates or Social Security numbers.
Know Your Vendor
As a recent Network World piece points out, however, it is possible for vendors to spoof access credentials when data is transferred across the cloud, giving them unsupervised access to data. While the research team from John Hopkins University that discovered this flaw found no evidence of any storage vendors exploiting it for their own purposes, it raises an excellent point: Companies need to know who’s storing their data, where, and what kind of reputation the vendor has in the cloud storage market.
Consider Your Contract
Keeping data secure in the cloud also means taking the time to thoroughly vet any service level agreement (SLA). Start by looking for penalty clauses; what happens if the provider fails to keep data secure, loses data or doesn’t provide agreed-upon uptime?
In addition, ask specific questions about data backup, disaster recovery and the storage facility itself. As Computer World notes, cloud storage is new enough to market that no hard-and-fast industry standards exist—as a result, some providers try to get by on strong language but no real substance.
Split Stacks
To keep data secure in the cloud, there’s nothing wrong with splitting stacks. Search Cloud Storage recommends leaving mission-critical apps on local servers, but it’s also worth expanding this concept and considering multiple vendors. For archival information, a low-cost, basic security provider may do the job, but for data used every day, look for a high efficiency, zero-knowledge alternative. Done right, split stacks can net cost savings without security compromise.
Embrace Encryption
Always encrypt. If your provider doesn’t offer cloud-level encryption, make sure everything sent from local computers to the cloud runs through a software archiver before leaving. There are a number of open-source tools available, such as TrueCrypt, which offer multiple encryption algorithms.
Educate End Users
Sometimes it’s not cloud storage vendors who pose risks to company data. For example, employees downloading files from corporate networks to personal clouds can accidentally introduce the potential for malicious action. As a result, it’s critical to develop a set of best use practices and employee expectations.
Reduced storage overhead? Increased availability and ease of access? Cloud storage offers a host of benefits—so long as security challenges are met head-on.
Sponsored byDNIB.com
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byRadix
Sponsored byCSC
Sponsored byVerisign