A Cloudy Future For Your Data?

Recently hackers managed to erase the online life of a US journalist. They were able to do this by exploiting two major points of weakness. Firstly, the journalist had everything stored in the cloud and accessible through a single gateway.

Secondly, the hackers were able to successfully talk their way past the two cloud service providers’ security controls, giving them open entry to the journalist’s entire digital life. To make matters worse, the writer had not backed-up any of his information.

It would be easy to dismiss this story as an example of individual error and oversight; something that simply couldn’t happen to an organisation. But would we be right in doing so? Is a business of ten, a hundred or a thousand people any better protected or prepared for the new vulnerabilities introduced by the cloud?

Gartner’s 2012 technology predictions lists cloud computing as a maturing technology; one of the four main forces currently transforming the information technology landscape. In the face of such breathless enthusiasm and hype it can be easy for businesses to get swept away before properly understanding the advantages and potential business risks.

The term ‘cloud’ refers to applications, infrastructure and platform services. For information management professionals, particularly in mid-market firms, the cost, convenience, flexibility, scalability and storage advantages of the cloud can prove irresistible. International firms or those with an increasingly mobile workforce have a lot to gain from storage applications that can be accessed easily from anywhere.

All this good stuff should be set against the potential risks introduced by cloud-based storage. For example, if your company stores large volumes of information in the cloud, moving that data to and from the cloud can take time and requires substantial bandwidth capability. Security is, somewhat appropriately for a concept named cloud, a rather grey area.

Cloud storage often means your data is downloaded onto a physical disk or server and moved around among and alongside other organisations’ data. Often you have no idea where it is at any moment in time or even under which country’s data protection legislation it falls.

What would you do if your cloud provider went out of business or suffered from a cyber-attack? How about a power cut or hardware failure? What measures are in place to prevent data corruption, or to recover data that has been corrupted?

None of this means you should avoid the cloud; it simply means that you should understand the risks and do what you can to mitigate them. The key is to build robust and secure information management systems that blend emerging and established methods. Such a blended approach has a lot to offer firms looking to harness the potential of cloud services.

A good way of explaining this is to consider the Second and Third Laws of Computing as defined by Guardian journalist Jack Schofield. The Second Law states that “data doesn’t really exist unless you have two copies of it.” In business terms this translates into: “don’t stop using back-up tapes.” Reliance on a single cloud solution could leave your firm dangerously exposed if anything goes wrong. Back-up tapes, stored securely off site will protect your business from irretrievable data loss.

Tape is also ideal for storing sensitive data you don’t want to see floating freely around the cloud. Schofield’s Third Law states that “the easier it is for you [your business] to access your data, the easier it is for someone else to access your data.” As illustrated in the above example, the cloud exposes new vulnerabilities in terms of data control, so highly sensitive information such as intellectual property or share-price sensitive items may be best kept out of the cloud and stored securely on tape.

Thirdly, tape is ideal for providing the security, reliability and longevity of data needed for legal compliance and business continuity. It enables your business to keep going should your internet access be cut off, regardless of whether this is caused by criminal master-minds intent on global cyber-domination or the builders down the road accidentally drilling through your power cable.

The cloud offers so much, but does not absolve users of their data management responsibilities. The best advice I can give is to embrace the potential but protect with the proven. Keep some of your eggs, and copies of the rest, securely tucked in your own basket.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

In his role as head of information risk at Iron Mountain, Christian Toon is the functional lead responsible for developing and implementing information assurance policy standards, goals and strategy within the private and public sectors, so that the confidentiality, integrity and availability of customers’ information assets are preserved. He has a wealth of experience in the industry, having previously held the role of compliance and information security manager at Iron Mountain.