Posted by Kalyani M. on Aug 21, 2013
Enterprises that already use the cloud have leveraged the technology to streamline massive amounts of data, increase productivity, and edge out the competition. But even with the cost savings and convenience that come with the cloud, the lack of cloud standards and regulations has resulted in a market with an abundance of glaring security gaps. A single breach of security could stall production and result in intellectual property theft. But threats to cloud security can also come from within an organization in the form of internal data mining and leaks. Companies that want to fully capitalize on the cloud without sacrificing data security should rely on three important steps: a good SLA (Service-Level Agreement), strong ERP (Enterprise Resource Planning), and private data storage and sync.
When seeking out a good SLA, remember that data security is ultimately your responsibility. Unfortunately, that’s not how many enterprises see it, and many SMEs and Fortune 1000s sign bad SLAs that don’t offer protections for their hosted information. A recent NetIQ and IDG survey of IT security decision makers found that 69% of respondents “in organizations around the world believe consumer cloud services pose a huge risk to sensitive data.” Primary concerns revolved around the lack of transparency in data security measures, and current laws offer little protection for cloud adopters. Under Australia’s new data breach notification law, cloud adopters, and not cloud providers, are ultimately held accountable as the only guardians of their data. In the case of a data breach, an enterprise would be liable for any loss instead of the cloud service provider they employed.
All of this goes to show how important it is to be absolutely clear about how a potential service provider would protect your data. As it stands, most enterprises realize that they must proactively safeguard their data, as shown by a report from the Ponemon Institute commissioned by Thales e-Security. The survey of more than 4,000 cloud enterprises found that over half already stored sensitive data in the cloud. According to the survey, only a third of respondents believed that their cloud provider should be held responsible for protecting stored data, and only 12% felt that users should be primarily responsible. The truth is that both are equally important. Security begins onsite with strong enterprise resource management before sending off data to be cloud-sourced. When choosing a provider, read over any SLA contracts closely and negotiate any issues of concern before you sign. If a cloud service provider isn’t willing to negotiate or meet your needs, consider another provider that can offer greater levels of data security.
Enterprise resource planning helps keep data secured onsite from data mining and leaks before sending it off to be stored on the cloud. Strong ERP measures can keep everyone accountable for secure access, syncing, and storage. One of the most important things to establish is access control, which means determining which personnel and departments have access to different levels of secure data. Account management also helps enforce access control once it has been determined. The common practice of simply giving out administrative access for simplicity’s sake has proven disastrous for many enterprises. All it takes is one disgruntled employee or one act of ignorance to spill a company’s secrets. Such leaks can wreak irrevocable damage on an enterprise’s reputation and can be avoided with strategic ERP.
The next step in establishing strong security is storing and syncing sensitive data exclusively with a cloud service provider that offers strong encryption, data privacy, and user anonymity. Whatever deployment model enterprises select, cloud providers should have zero knowledge of company data. Through such privacy and data anonymity, enterprises can stay protected from all sides. Before settling on a provider, learn about their security measures and what steps they would take in the case of a breach.
Secure Storage With SpiderOak Blue
For many enterprises, finding a truly protected third-party cloud service can be a challenge. Many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third-party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.
SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.