Posted by Kalyani M. on Jun 28, 2013
Individual users and enterprises have flocked to the cloud for convenient and cost-effective storage and sync solutions. From home computing to a wide range of business sectors, the cloud has significantly changed how users interact with the web. For the average user, cloud storage offers a cheap and easy way to safely backup files, photos, and any other important data. For enterprises, the cloud offers significant savings through reduced need for large IT staff, hardware, onsite servers, and maintenance. But the lack of regulatory standards for the cloud market has created a situation in which many popular third party cloud services are actually unsafe.
In response to the glaring lack in regulation, CEO of the World Wide Web Consortium (W3C), Dr. Jeff Jaffe, has called for tighter cloud standards. At a recent W3C talk, Jaffe said, “Identifying future trends and needs for standardization is an important focus…we now need a richer conversation between core web standards and the cloud.” But Principal Analyst at Ovum, Roy Illsley, doesn’t predict that such a universal standard will arise any time soon. As Illsley said, “The best we can hope for is a standard on workload transport so that businesses can move cloud provider with minimal effort. Businesses are not moving wholesale into the cloud because of a number of issues, and the lack of portability of workloads between different cloud standards is just one. It’s an important issue, but it’s still just one of many….It’s like the browser wars of the 1990s, when mass adoption by enterprises only happened when there was a single standard. However, cloud is coalescing around a few main approaches and standards, for want of a better word, and the mess of supporting this is mainly felt by the service providers who have different solution stacks, such as OpenStack or VMware, to support different customers.”
Leaving regulation entirely up to cloud service providers has created a situation in which companies with better practices are starting to garner more attention from users and enterprises looking for cloud convenience while ensuring their data privacy. Third party cloud service providers already have to contend with confusing data residency laws that vary from place to place. So a global hodgepodge of different cloud standards could create an even more chaotic situation, in which floating data must be protected by different measures and means depending on which country’s servers are located in.
One country that has controversially paved the way for such national cloud standards is Brazil. Presented by representative Ruy Carneiro, a new Brazilian bill addresses the lack in cloud regulations and privacy protections while enacting international agreements to monitor and regulate data flow between countries. According to Carnerio, “Brazil should have the ambition of becoming an important player in the cloud computing space as it has the potential to increase national competitiveness and productivity…So an adequate regulatory environment – which doesn’t isolate the country, but offers security to citizens, enterprises and the government – is fundamental to foster the industry, bring more foreign investment in that field and allow Brazilian providers to expand internationally.” And as enterprises continue to flock to the cloud, lack of regulation can lead to unintentional non-compliance due to the fact that some services may store data on servers in countries like Brazil with their own unique regulations and data export requirements. Rather than being hit with a penalty, fees, or having to deal with a breach of data, enterprises should only trust their sensitive data to cloud service providers that offer data privacy and user anonymity.
The SpiderOak Blue Solution
But selecting a truly secure third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. One cloud storage and sync service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space.
SpiderOak Blue protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private as unreadable blocks of data. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.