Managing the Risks of Cloud Computing

Posted by on May 27, 2013

In a recent study surveying 1,300 American and U.K. companies, 88 percent of respondents claimed their small business saved money through employing cloud services. And it seems that the push to the cloud will soon spread so wide that cloud services will become standard for most businesses around the globe in just a matter of years. Currently, 53 percent of small businesses, with staff between five and 50 people, now employ some type of cloud service.

Small business and the cloud

Image courtesy of sadasystems.com

Clouds can help businesses gain a competitive edge, save money, and turn profits through a wide variety of ways. For retailers, cloud services offer the potential to securely store big data to better serve their customers. And for companies used to buying and maintaining their own servers, clouds can cut hardware costs by hosting data on virtual servers. Even industry leaders like Microsoft and Google have seen the benefits of cloud services, offering their own products to businesses and managing to take away large shares of the market. But while businesses shift IT costs from hardware, software, and staff to cloud services, glaring gaps in security continue to threaten wide sectors of industry.

Though savings are the primary driving force behind to push to the cloud, there are other factors to consider as well including smoother workflow and employee mobility. However, security remains an imminent threat with cloud data storage services, especially those that only use the basic safeguard of hashing and salting passwords. In a recent survey of IT decision makers that have not yet made the switch to cloud services for their businesses, 57 percent were hesitant out of security concerns and 29 percent cited privacy issues. But with proper IT policies like data encryption, HR teams and IT managers can help secure their sensitive information, while truly private cloud storage services can provide peace of mind through added security measures like data and password anonymity.

Cloud adoption

Image courtesy of Isaca.org

While cloud computing has revolutionized the market, to fully take advantage of the benefits of cloud storage, businesses must secure their data from attack. Because as much as cloud computing is convenient and cost-effective, entire brands can go under with just one security breach! From ruined reputations to consumer lawsuits, the costs of hacking necessitate a guaranteed safeguard from attack.

Hackers have exploited user data through selling the information to other companies and have even resorted to extortion as recent news headlines show. But as David Linthicum, senior vice president for Cloud Technology Partners, put it, “We have studies that come out that say that [the] cloud is insecure, and others that say that it’s more secure. I think it’s somewhere in the middle – it’s as insecure as you make it.” In an era in which businesses can’t rely on the goodwill of private industry or the protections of the government, IT managers must take their own initiative on securing their companies’ most sensitive data.

Cloud risks

Image courtesy of CopperBridge Media

After doing the work of encrypting data in house, it’s important to choose a cloud service that provides complete privacy and anonymity. Many cloud services offer “secure” storage with standard data encryption as well as hashed and salted passwords. But hashing and salting is just the bare minimum and only a first line of defense against security breaches. Hashing and salting still leaves sensitive company and user data vulnerable to third party attacks, and there are entire sites dedicated to showing people how to crack hashed and slated passwords using the same encryption . For true user privacy, only anonymous cloud storage and sharing services like SpiderOak provide all the convenience and savings of the cloud while protecting against hacking and security breaches.

SpiderOak is a cloud service that offers data backup, storage, and syncing services. It differentiates itself from the crowded cloud market by offering full privacy and anonymity. Through 256-bit AES encryption and two-factor password authentication, SpiderOak ensures that business files, folder names, filenames, and passwords cannot be read or accessed by SpiderOak or its employees.

As for two-factor authentication, this is similar to the process used with some banking and financial services that require a PIN or correct answer to a secret question as an extra precautionary measure. For SpiderOak, this means submitting a private code through SMS in addition to the encrypted password to log in. Once successfully logged in, users store and share data with 100 percent privacy, as SpiderOak has “zero-knowledge” of uploaded data and plaintext encryption keys. This means that the company and its employees don’t have access to user passwords. Instead, the data encryption key for individual passwords is exclusively stored on each user’s computer. This way, every bit of consumer data, right down to the password is kept fully anonymous. SpiderOak’s services are available with Windows, Mac, and Linux desktop environments, along with Android and iOS mobile platforms.

Leave a Reply