A Guide To Protecting Your Data In The Cloud
It's time to face facts: the cloud is here in a big way. It's easy to see why. Not only does it keep costs down by not requiring space in a business or expensive physical servers, it also keeps the energy bill low. Add on to that the fact it is highly scalable, meeting the changing needs of businesses in an instant, and you can see why the best cloud hosting is the perfect solution for any business.
Why hasn't everyone rushed towards the cloud with open arms? Even professionals in the IT field are hesitant to jump in, and for one simple reason: security risks.
The Problem
With security breaches plaguing the Internet, putting at risk the highly sensitive data of many, it's easy to see why some businesses initially balk at the cloud hosting option. Sometimes, after legal fees and remediation costs, it can take years to recover and regain the trust of jilted customers. Although you might get some fees refunded from your cloud provider for the inconvenience, it's tough to win back those customers whose data was compromised.
With attacks happening everywhere lately, such as the attacks by Anonymous and breaches of sites like LinkedIn, it's easy to see why these concerns about cloud data safety are legitimate.
Cloud hosting of your data is kind of like a shared hosting situation, in that you and many other companies share space on the server. However, those servers are in many different physical locations and your data does run the risk of being viewed by eyes it wasn't intended for. Yes, your hosting provider might encrypt your data, but do they hold the key? Any employee of that provider can then get to your data.
What Can Go Wrong?
- The key is in the wrong hands – As we just discussed, it is not a good idea to leave the security key for your encrypted data in your provider's hands. Read the plan's terms of service and if anyone at the company can access the key, you'll want to change that right away. For a safer arrangement, make it so that only you hold the key to your encrypted data.
- Data transfer issues – Data breaches can, and do, occur during that period of time where data is moving to and from the cloud. Chances increase when you add mobile computing into the equation.
How To Protect Yourself
First, you'll want to go through your company's security procedures. Add language to address the use of the cloud to store your data, and make sure the only people with access to the cloud truly need access. The less people with access to this data, the better.
Hold meetings with your employees to discuss use of the cloud and all associated risks involved. They may have no idea of the risks of adding insecure data. Clue them in, and provide a copy of your newly crafted security policy for them to sign. Though you might not want them to use services such as Dropbox, they're probably going to anyway. If you arm them with tips on using the service in a more secure way, they'll be more receptive than if you banned use of the service entirely.
As long as you are encrypting your data at the file level religiously and you are the only one with the key, not only will you be protected in the event your cloud hosting provider is hacked, you'll be ensuring you're in compliance with numerous regulatory standards in the industry such as the EU Privacy Act, FIPS140-2, PCI DSS, and a host of others.
Hopefully, a security breach never happens for your company. In the event it does, if you've followed this guide, you can proudly say that no data was compromised as a result.
