John Boitnott is a longtime digital media consultant and advisor to StartupGrind.
Cloud computing is one of the most valuable innovations for business, providing cheap, virtual services that once required expensive, local hardware. We place almost everything in the cloud, but what do we really know about its security? How do we protect ourselves and our privacy from being compromised?
Fears over cloud security were not assuaged last year when Dropbox, a popular online cloud storage platform, was hacked yet again. This attack resulted in unauthorized access to employee accounts containing personal information of users, and spam being sent to users’ personal folders. There have been other slightly more embarrassing security controversies for the term dropbox, but we won’t go there.
Despite the risks, most businesses are already using multiple cloud services to handle a myriad of business operations. The cloud is only going to become more important to us, and we must find ways to protect our data while getting the high quality performance we need. A large part of performance means adequate security. A cloud storage provider should tell you if your passwords are not strong enough, for example. Consumers and businesses alike should take the time to ask real questions and assess whether their cloud storage provider is taking security seriously.
According to Steve MacLellan, senior vice president of enterprise architecture for financial services of Fidelity Technology Group, when it comes to security there is no way to understand the cloud storage market until you investigate.
When it comes to cloud security, be aware that:
- The only way to stay abreast is to ask clear and direct questions about security policies if you cannot locate the information online. Take ownership.
- When possible, look for information about the actual location of the cloud server. Taking this step will help you to be sure that physical security measures are appropriate.
- Username and password security are among the chief vulnerabilities, but more and more companies are trusting encryption measures.
- You can enhance cloud security by using the correct industry standard encryption and authentication protocols, such as IPsec, before transferring data to the cloud.
The best cloud storage services place the customer in control of their files, not the service provider. This means the customer controls when their files are encrypted and decrypted. This works best because it bypasses the human element — it means there are no policies, protocols, or authorizations that can be circumvented. Services, such as Wuala, encrypt data on the client-side and their employees have extremely limited access to clients’ files. Another example of a company promoting secure cloud storage is Bitcasa. The company encrypts your files for you before they are uploaded to the cloud, and keeps three copies of all data in storage for durability. To further protect your files, Bitcasa stores your data as encrypted blocks, not files, so only the user’s authentication can reconstruct the random blocks back into files.
Very few people take a moment to consider the security of where they put their data. According to the recently released Security of Cloud Computing Users Study, only half of those surveyed said that they examine the cloud security features of the services they use. Wow! It gets worse, over 50% of those surveyed are completely confident in the security of their cloud services.
These results mean that to put forward the best cloud security posture, a business needs to institute protocols for the use of cloud storage services to keep all employees on the same system. When in the market for a service, businesses must take responsibility and be sure to inquire into all the details of the security features provided. Find out if a service has received any awards or certificates such as the Certificate of Cloud Security Knowledge.
When it comes to security, transparency is key. A cloud storage company should show that it takes security seriously. Companies should clearly explain the protection measures they take to secure the information they are entrusted with.
Ideally, client data should be encrypted before it is uploaded to the cloud, so that only the user can decrypt the data. Services such as Bitcasa, Open Drive, and Egnyte provide plenty of information about their secure cloud storage, and guarantee encrypted data transfer and redundant storage. It’s your data, compute carefully!
Cloud security photo via Shutterstock
John Boitnott is a longtime digital media consultant and advisor to StartupGrind. Previously, he’s worked at ViralHeat, Hasai, and spent over 15 years as a journalist at NBC and the Village Voice, among others. He wrote for VentureBeat on a regular basis back in 2010 and ’11. John started using social media to help bring visitors to web sites back in 2007 and has been doing it ever since.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.