Simple steps for safe cloud storage
This article first appeared in SC Magazine on 30 October 2015.
The take-up of cloud services is increasing as businesses are reassured by advancements in security protection. In the UK, the Cloud Industry Forum believes that 2015 will see a cloud growth spurt with first-time cloud-adopters increasing by 15 percent.
In the US, surveys already show the vast majority of businesses believe that cloud computing gives them a competitive advantage over rivals, helping them to react more effectively to change, and to enter new markets. Cloud computing is here to stay and will continue to prosper as businesses invest in emerging technology, knowing that encryption and risk-management practices are able to give peace-of-mind over the protection of data.
But encryption is a fluid concept. Ultimately the best encryption revolves around client-side cryptography – that is, keeping the encryption keys on your device or in your possession, instead of in the cloud. By moving only encrypted files to the cloud, users can prevent anyone who doesn’t know the password from viewing content, whether that be an individual or an intermediary such as an application service provider. By demanding this vital feature in a backup and file sharing solution, you can be assured that even your service provider won’t have access to your data.
Companies that provide file-sharing systems should be able to showcase robust procedures and security controls, as well as a strong background in breach protection, and the use of client-based encryption.
Commercial systems such as Facebook and Dropbox can only ensure protection of exchanges between clients and servers, and not between the communicating parties themselves. They do not offer client-based encryption, because they want to maintain their access to your data, and thus cannot really protect your files from harm.
Data integrity is an oft-overlooked threat to files that are uploaded to cloud file-sharing services. A study conducted by CERN, the European Organisation of Nuclear Research, found that silent data corruption was present in one out of every 1,500 files uploaded to common storage systems used by many file sharing companies. This is a staggering statistic, and one that could cost your company dearly. A good cloud provider will always offer active block corruption prevention, audit logging, and unlimited version history.
Data sovereignty is another major issue that organisations must tackle on their way to the cloud, especially if they trade in a regulated industry. Not knowing where your data is stored can create both contractual issues and conflicts with regional privacy and data disclosure laws.
The European Union is particularly strict in this field, actively legislating and litigating against large American giants that process and control European data. Potential cloud customers should always read their user agreement to discover how their cloud storage service handles and stores data. Regulated companies should seek guarantees from their storage provider that their data is kept within the EU, or location of their choice.
Unfortunately, companies that do fall victim to a data breach after using a consumer service – and subsequently learn about the true location of their data – are increasingly being caught out by unethical limitations of liability when seeking compensation, usually after facing large fines themselves. For example, business subscribers to Microsoft’s cloud services face this daunting prospect, contained within Clause 14:
“LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. You can recover from Microsoft and its supplier’s only direct damages up to U.S. $5.00 (apx £3.00). You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.”
Of course, there are financial benefits to be found. Cloud computing continues to bring economies of scale, reductions in staff costs, and a reducing need for capital investment. This also helps the Green agenda through energy savings and a reduced carbon footprint.
The UK Government estimates it will save 20 percent of its IT spend by moving services to the cloud. It is easy to see then, why businesses are moving into and expanding their cloud computing presence.
Cloud computing is busy redefining information and communication technology across all business sectors, as early concerns have been overcome by the advancement in security systems, and a growing body of knowledge and associated confidence in the market place.
By employing a proactive approach, educating staff on the dangers of using commercial-grade systems for work, and implementing a proven cloud file-sharing system, you can be sure that your data is kept secure, private and accessible.
To learn more about Nimbox Vault, get in touch.