Is The Cloud Really Safe For Your Data?
What are the pros and cons of storing data remotely?
The cloud is a popular solution but a recent issue involving an unsecured database that revealed the personal information of 87 million Mexicans is causing this popular technology to come under scrutiny.
The personal information of these individuals is no longer accessible but the issue occurred on a database stored on a cloud server that belonged to Amazon Web Services.
A recent BBC report revealed that cloud technology is not a major issue since most of the main data breaches that occurred during the past five years (incuding Sony, Target, TalkTalk and Ashley Madison) were caused by faulty internal database and not by cloud-based storage.
Cloud computing allows businesses to store data and to run applications remotely instead of relying on local storage methods. This is a good way to reduce IT costs and to make things faster. Besides, a number of cloud-based services allow businesses to develop new products faster and to provide better services to their clients.
The main issue with relying on a third party service to store data is that breaches can happen. The data can be lost, corrupted, wiped or even stolen.
Encryption is the best line of defense. Data stored on cloud servers can be encrypted, included when the data is uploaded or downloaded and while it is stored on the servers. The example mentioned above shows that not all service providers use encryption since the personal information of the Mexican individuals was not protected. Amazon Web Services uses 1,800 security controls for the different services offered. The customers can select which controls they use and how their data is encrypted. Customers can also decide who has access to the data or the apps stored on the cloud servers.
Amazon Web Services customers can choose which encryption keys are used to protect their data. This means that no one can access the data, including Amazon Web Services employees. Some companies offer a slightly different approach where sensitive data is kept in a private cloud while a public cloud server is used for other data and apps.
Google Cloud, Amazon Web Services and Microsoft Azure are among the most popular vendors for public cloud-based services. Even though these service providers are very popular, a report showed that less than 10% of the world's data is actually stored on cloud servers.
Cloud technology is still a recent thing and a lot of companies do not want to take any risks by switching to this technology.
In a recent talk at the Cyber Security Professionals Exhibition in York, Amethyst MD Steve Howe said:
“Does anyone ask where this cloud is? Is this ‘cloud’ computer in the UK, China, Syria? Who else is sharing that cloud? “
“It’s confusing. A cloud looks so fluffy, nice and safe – but it isn’t. It’s someone else’s computer.”
The fact that data can be stored anywhere in the world is an issue. New regulations are emerging in Europe, including the Safe Harbour data sharing agreement (read more here). Under the new agreement, data providers are encouraged to offer to host the data on servers located within the clients' region. Even though it is possible to store data anywhere in the world, clients often prefer to have their data center within the same country.
A good cloud provider should understand what your business does. The cloud provider you select should have a solid understanding of the requirements that apply to your industry and should prove that they can fulfill their promises.
You can read the full report here