The cloud will be compromised – have you got an escape route planned?

cloud-security

With what appears to be limitless storage options, for many the cloud is an attractive proposition. It offers savings to organisations looking to cut down the premium space they need to store data centres, and it can increase efficiency with data and applications shared over the internet. However, with questions still remaining over its security, how can organisations best utilise this exciting resource?

When you board an aeroplane you’re asked to buckle your seat belt and listen to an important safety announcement. The same is true before you propel your data down the runway and jet it into the cloud.

So, what’s in our safety demonstration:

Pack Carefully

If you’ve flown before you’ll know that there is limited space in the cabin with the majority of your luggage having to travel in the hold. Therefore, when you pack, you make sure your most valuable items are squeezed into your in-flight bag. For data, it’s not very different.

Before packing all your data off into the cloud you need to sort it and, for most organisations, not all of it will be suitable to store in the ‘hold’. If the data contains sensitive information that, if compromised, could damage your organisation, then you need to be asking yourself if it really should be jetted off into the cloud?

Prepare for passport control

So, sticking with our aviation theme, before you get anywhere near an aeroplane, and your luggage in its hold, you have to pass through stringent security checks and have your passport examined. Legitimate travellers will have the correct documentation and allowed access but, in an ideal world, those that don’t will be identified and prevented access before they can cause any damage.

Assuming you’ve decided to store your data in the cloud, you need to make sure your passport controls are as effective. If they’re too stringent or time consuming legitimate users may not be allowed access, however too lax and anyone can get in and violate the data.

Providing flexible access may mean your users will want to use personal devices from outside the corporate environment. This can open a whole can of worms as the device may be infected with key loggers, or other malware, that could jeopardise the data or application’s security.

If data is password protected in the real world, then virtually it needs even stronger defences. The question has to be asked whether cloud security offers this and, if you can’t be guaranteed, then serious doubts must remain over its suitability for your organisation.

Fasten your seatbelt and stow your table in the upright position

Personally, I always wonder just how effective an aeroplane seatbelt is but, luckily, I’ve never been on a plane when it has experienced violent turbulence or even crashed so I haven’t found out. Could the same be true for cloud seatbelts?

New encryption software is creeping into the market designed to protect data stored in the cloud. With AES 256-bit encryption accepted as the most secure option in the real world, I wouldn’t recommend anything less should even be considered for virtual storage.

In reality, until we really know how insecure these storage facilities actually are in the first instance, we have no real idea whether these solutions are necessary or will even work. That said, admittedly I still fasten my seatbelt when the pilot switches on the sign and would recommend you do the same for your data. What I would say is, if you’re in any doubt about whether you can risk your data falling from the sky, perhaps it shouldn’t be there in the first place.

You’ve arrived at your destination

We’ve all experienced the holiday of a life time that doesn’t quite live up to it’s billing. The climate that’s either too hot or too cold or that half the items you’ve crammed into your suitcase aren’t needed yet the cable to charge your mobile phone has somehow been left behind. The cloud is exactly the same.

It isn’t suitable for everything, or everyone. Careful consideration and planning needs to be undertaken first if you’re to migrate the right applications and data to benefit from increased efficiencies and lowers costs.

Another element is download speeds. Agreed, bandwidth should not be the only consideration when selecting a cloud service provider but it is an important factor. It needs to be balanced with quality of support, pricing, features and reliability.

One final consideration I would urge you to cover is, having planned your migration to the cloud, make sure you’ve get an escape route planned if you find it isn’t everything you dreamed it would be. How will you reclaim your data, are you locked in for a given period, will they help you transfer to another provider?

It is my belief that the cloud environment will be compromised at some point – probably in the not too distant future. I don’t appear to be alone in this as IT analyst Gartner advises businesses that they must work closely with their cloud computing services provider to ensure that potential security issues are flagged up, and dealt with, before they become a problem. Don’t be blinded by promises of performance or cost savings – a security breach could quickly eradicate both of these benefits and potentially deal a fatal blow to your organisation.

So be warned, even a parachute might not protect your data if someone decides to push it from the cloud.

Andy Cordial is MD at Origin Storage. Andy started his computer industry career in 1987 working for tape manufacturer Everex Systems. He moved into computer distribution in 1989 and set up his first computer company ‘XL Distribution’. XL merged with Datrontech in '92 where he worked in Management team. Andy saw Datrontech through flotation on LSE then left to start Upgrade Options in '96. Andy sold upgrade (MBO) in '03 and invested in Origin Storage. Andy built Origin to a £5.2m business and has seen it enter the Times Fast track 100. Andy now owns 100% shareholding of Origin after successful purchase of his partner in 2009.