Home / Blogs

Overcoming Cloud Storage Security Concerns: 7 Key Steps

David Eisner

According to a 2013 TwinStrata survey, 46 percent of organizations use cloud storage services and 38 percent plan to adopt this technology in the near future. Cloud storage capacity demands are increasing 40 to 60 percent year-over-year, while storage density lags behind at 20 percent. The result? More data, growing demands for space and increasing security concerns. How do enterprises overcome cloud storage security challenges?

Get Physical

In 2014 companies need to focus on the physical location of cloud servers in addition to virtual security controls, argues an April 22 article from Tech Radar. In part, this plays into the emerging idea of "data nationalism," which ideally protects information stored by a business within the borders of its own country. In other words, cloud security threats don't always come from malicious actors but may also come from governments; local servers are perceived to offer increased protection.

No Knowledge, No Problems

An emerging cloud storage trend is "zero knowledge." Here, storage vendors encrypt company data and then hand over the keys, meaning only authorized personnel have access and there's no way for service providers to "snoop" on corporate data movement in the cloud. This is especially critical for companies looking to store large volumes of personally identifiable information (PII) such as names, birthdates or Social Security numbers.

Know Your Vendor

As a recent Network World piece points out, however, it is possible for vendors to spoof access credentials when data is transferred across the cloud, giving them unsupervised access to data. While the research team from John Hopkins University that discovered this flaw found no evidence of any storage vendors exploiting it for their own purposes, it raises an excellent point: Companies need to know who's storing their data, where, and what kind of reputation the vendor has in the cloud storage market.

Consider Your Contract

Keeping data secure in the cloud also means taking the time to thoroughly vet any service level agreement (SLA). Start by looking for penalty clauses; what happens if the provider fails to keep data secure, loses data or doesn't provide agreed-upon uptime?

In addition, ask specific questions about data backup, disaster recovery and the storage facility itself. As Computer World notes, cloud storage is new enough to market that no hard-and-fast industry standards exist — as a result, some providers try to get by on strong language but no real substance.

Split Stacks

To keep data secure in the cloud, there's nothing wrong with splitting stacks. Search Cloud Storage recommends leaving mission-critical apps on local servers, but it's also worth expanding this concept and considering multiple vendors. For archival information, a low-cost, basic security provider may do the job, but for data used every day, look for a high efficiency, zero-knowledge alternative. Done right, split stacks can net cost savings without security compromise.

Embrace Encryption

Always encrypt. If your provider doesn't offer cloud-level encryption, make sure everything sent from local computers to the cloud runs through a software archiver before leaving. There are a number of open-source tools available, such as TrueCrypt, which offer multiple encryption algorithms.

Educate End Users

Sometimes it's not cloud storage vendors who pose risks to company data. For example, employees downloading files from corporate networks to personal clouds can accidentally introduce the potential for malicious action. As a result, it's critical to develop a set of best use practices and employee expectations.

Reduced storage overhead? Increased availability and ease of access? Cloud storage offers a host of benefits — so long as security challenges are met head-on.

By David Eisner, President & CEO at Dataprise, Inc – He founded Dataprise in 1995 and has led its growth from tiny start-up to recognized leader in providing managed IT services to small and medium-size businesses. Visit Page
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign