wpengine, Author at The Privacy Post

0

Raising the Bar: Common Gaps in Cloud Security

Posted by on May 26, 2013

Cloud storage and sharing services have revolutionized the business world, offering convenient data storage and syncing for mobile workers. Cloud services have saved companies the massive costs of servers and a bigger staff, but without proper risk management, a company’s entire reputation could be shattered with a single security breach. The imminent threat of third party attack, data mining, and even legal snooping through laws like CISPA, have kept some businesses far from the cloud out of fear of hacking. But truly secure cloud solutions are out there, and at the EMC World 2013, Tom Roloff, the senior vice president of EMC’s Global Services, predicted that most businesses will have made the switch to the cloud within five years, due to security becoming the major differentiator between cloud services.

Close the security gaps in your cloud!

Image courtesy of smeadvisor.com

As it stands, companies that currently employ cloud storage and sharing services are for the most part ignorant about the true risks of data breach and of how the services they rely on purport to protect their information. According to a recent NetIQ survey of IT executives, over half of the surveyed executives believe that merely storing data on a cloud is an increase in overall data security in itself. But 70 percent of the executives did indicate concerns over potential risks to their company’s sensitive data, while 45 percent aren’t confident in the security programs already put in place by their cloud providers.

Business & Cloud Computing

Image courtesy of cloudfluence.com

As companies trust more of their sensitive information to third-party cloud service providers, some executives and managers have actively searched for data security solutions from servers to end users. Almost half of surveyed IT executives stated that they don’t have current control of their data on the cloud and less than half train end users on secure cloud access procedures and policies.

Common challenges of the cloud

Image courtesy of soatothecloud.com

Many IT managers trying to navigate the world of cloud storage, sharing, and syncing procedures feel like they are drowning in a sea of cloud concerns. From the dangers of mobile data access to the threat of hacking, businesses must scramble to stay one step ahead of the game. According to a recent study, 89 percent of global information security professionals don’t fully understand how security solutions apply to the cloud, and 78 percent don’t have a proper grasp of good cloud security protocols. With daily headlines of major companies and even governmental institutions getting hacked it’s shocking to see just how wide of a security gap this massive move to the cloud has left open. In just one security breach, hackers can steal sensitive user data while permanently damaging a brand’s reputation. According to Steve Pate of Computerworld, the threat of cloud breaches isn’t going away any time soon, “whether they are hackers looking for data, or accidental misconfiguration, which we recently saw with Amazon’s cloud storage where over 126 billions (yes, billion) files were unintentionally exposed. Organizations simply have to take data privacy more seriously.”

For companies, IT managers, and even individual users looking for truly secure cloud solutions, navigating the world of data security can be confusing and complicated. But as the recent breach in Amazon’s cloud storage shows, no one is exempt from the threat of attack, from small startups to the biggest players. Two ways to secure sensitive data while employing a cloud storage service are through self-encryption and finding a cloud provider that offers true privacy.

Self-encryption means taking the initiative to protect your sensitive data from the very start. Anytime a company has access to sensitive data, that data should be encrypted before leaving the company’s network to be stored on a third party cloud. By using a cloud-security gateway, companies have control of their data throughout the beginning stages of the cloud storage process. Encrypting data on company networks also protects against internal hacking and data mining, while ensuring that the convenience of mobile data access maintains a smooth workflow. This simple precaution is enough to protect sensitive data when coupled with a cloud storage service that provides full privacy and anonymity to its users.

As companies search for such services, Infrastructure as a Service (IaaS) has become the fastest growing sector in the cloud world, with projected annual growth rates above 40 percent through 2016. There are a wide range of cloud services to choose from, so some businesses might get lost trying to find the right solution for their needs.

Privacy Over Security

Most cloud services offer “secure” solutions through data encryption as well as hashed and salted passwords. But these popular standard security procedures still leave sensitive data vulnerable to third party attacks. To truly enjoy total privacy for your business needs, anonymous cloud storage and sharing service like SpiderOak provides all the convenience and savings of the cloud while protecting against hacking and security breaches.

Users store and share sensitive files with 100 percent privacy, as SpiderOak has “zero-knowledge” of consumer data and plaintext encryption keys. This means that the company and its employees never even have access to your password. Instead, the data encryption key for individual passwords is exclusively stored on each user’s computer. This way, every bit of consumer information, right down to the password is kept fully anonymous.