Posted by Kalyani M. on Jun 26, 2013
The cloud has revolutionized the market for all sorts of sectors. While we’ve already tackled the importance of connecting SMBs to the cloud, enterprises of all sizes can also take advantage of the cloud’s cost savings as well as convenience. In a recent survey, the number of respondents who will move a majority of IT operations to a cloud service within five years jumped up to 29% in 2013 from 27% in 2012. But for some reason, larger enterprises are still somewhat hesitant about moving to the cloud than small to mid-sized enterprises. However, around 59% of companies, from SMBs to large enterprises are still working on IT prep work before selecting the right third party cloud service. From Software-as-a-Service (SaaS) solutions to planned deployments with IT management, third party cloud services present a wide range of options for enterprises looking to leverage technology in their favor.
But before making the switch, CIOs and IT teams must do the work of protecting their data and choosing the right private service for their security needs. According to Richard Dorough, managing director for PwC Forensic Services, before making the switch, “it makes sense to evaluate the data itself, the service level agreement and the cloud service security before moving anything to the cloud.” Clouds can be “better, faster, cheaper, more flexible and more secure” than what many enterprises could do internally. But privacy concerns over sensitive company data have still kept many cautious enterprises at bay. With proper encryption and security procedures, everyone from manufacturers to health care providers can take full advantage of the conveniences and costs savings that the cloud provides. Such benefits serve “as a de facto endorsement of hybrid and private cloud deployments, especially for healthcare and other heavily regulated industries,” for people like Scott Blanchette, senior vice president of information and technology services for Vanguard Health Systems. With HIPPA concerns at the forefront of Mr. Blanchette’s mind, a private cloud deployment offers full control of data, cloud convenience, and ultimate security.
As all sorts of enterprises increasingly rely on cloud adoption to compete in a rapidly shifting global market, IT teams have had to proactively seek out cloud security engineers to help manage onsite security and network infrastructure. This can be outsourced through selecting a truly private third party cloud service provider, or IT teams can hire a designated staff member to keep in house. Cloud security engineers should have a deep understanding of host-based systems, IP architectures, IPv4 and IPv6 networking, as well as network security functions on both stateful and non-stateful technologies.
As Bill Hackenberger, co-founder and CEO of HighCloud Security, writes, “your data in the cloud is your responsibility, no matter what the cloud provider does or says. If a data breach occurs, you will bear all of the consequences, positive and negative.” The importance of securing data onsite before selecting a cloud is highlighted by the user error in Amazon’s cloud. A security firm found that more than 126 billion files were exposed due to user ignorance of proper privacy settings. Having a cloud security engineer onsite or outsourced and available is essential to enterprises looking to take full ownership of their data and privacy.
Another thing that enterprises should look out for is how their third party cloud provider interacts with their data. Onsite encryption should always take place for enterprises dealing in sensitive data, especially before uploading such data to a cloud. Essentially, encryption jumbles the data into something unreadable without an encryption key. Because encryption keys unlock such private company information, encryption keys should be stores exclusively on approved devices. For enterprises wanting to retain control of their data, be sure to find a third party cloud providers that gives you control over encryption keys.
SpiderOak Blue for Enterprises
Finding a truly secure third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. One cloud storage and sync service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy.
SpiderOak protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this a uniquely cross-platform cloud solution.