With RightScale’s 2016 State of the Cloud survey finding security to be the second most frequently cited challenge surrounding cloud computing – as mentioned by 29% of IT professionals polled – it’s understandable that when your organisation is contemplating a move to the cloud, many questions will revolve around security.
Specialist firms like RedPixie are continuing to show the considerable potential of business data in the cloud, but if security is still your prime concern, here is what you need to know.
Remember that access matters more than location
It’s easy to see why so many firms hesitate to have their data stored remotely rather than on their own premises – after all, the very notion of it sounds unsafe to some. Cloud computing may involve the storage of your data in a data centre on the other side of the world, on the same servers as other people’s data. At least in theory, you don’t enjoy the same level of control over your data as you would if it was kept on your own server.
Such persistent myths of the cloud as an insecure place to store data are only further fuelled by well-publicised incidents like the hacking of celebrity accounts on Apple’s online cloud service, iCloud, which might make it unsurprising that according to the BBC news, even in 2016, less than 10% of the world’s data is stored in the cloud.
However, when you dig deeper into the circumstances behind such high-profile breaches, it will probably become clear to you that the physical location of your data means less from a security perspective than the means by which it is accessed.
For example, when Apple investigated the circumstances of the aforementioned hack – which resulted in explicit photos of celebrities such as Jennifer Lawrence and Kate Upton appearing on the website 4Chan – it was found that the hacker had gained access through usernames, passwords and security questions, rather than by taking advantage of any iCloud-specific vulnerability.
In the words of the Cupertino giant’s statement entitled Update to Celebrity Photo Investigation, “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find My iPhone.” It therefore seems that it was merely insufficiently complex usernames and passwords that were at fault for the images ending up in the wrong hands.
What can you do to ensure the security of your cloud storage?
First of all, it is vital to appreciate that there is no such thing as a ‘free lunch’ when it comes to data security – whether your data is in the cloud or on your own premises, many of the same good-practice security precautions apply.
Next, you are advised to carefully consider the security and governance requirements for whatever data storage method you choose. Then, look for the potential areas of vulnerability in your systems, placing the emphasis on how access to your data is controlled, rather than necessarily where it is physically located.
Remember that regardless of how you store your data, hackers will look for areas of vulnerability, so appropriate testing is a must. The more thoroughly you have tested your systems, the greater the faith you can have in their security.
Carry out suitable planning and use the right technology, and you can maximise the likelihood that your own organisation’s cloud system will be a truly secure one, while ensuring that you don’t suffer the same fate as the two thirds of large businesses that have experienced a cyber attack or data breach in the last year, according to the British government’s Cyber Security Breaches Survey 2016.