Posted by Kalyani M. on Jun 10, 2013
Everyday users looking for convenient backup solutions and businesses looking to leverage technology in their favor have turned to cloud services. And cloud growth is only expected to expand in the years ahead. In a recent study, Gartner predicts that total cloud service market growth will expand from $76.9 billion in 2010 to $210 billion in 2016. In 2012, total spending on cloud services grew 18.6% and the expected compound annual growth rate (CAGR) for cloud spending through 2016 is 17.7%. While such numbers might invite consumer trust, they’re unfortunately paired with almost daily news of cloud hacking, data mining, and user exploitation. To truly take advantage of the cloud without having personal information leaked, stolen, or even sold, users should demand cloud transparency while proactively protecting their data from third party attacks with a private cloud service that can offer true data anonymity.
As whole sectors of the market take to the cloud, service providers have widely marketed themselves as secure. Many users don’t fully understand the complexities of data security and unfortunately, some service providers have exploited this fact, shrouding their protection processes in secrecy. But as more businesses rely on cloud services for their infrastructure and daily operations, it’s vital for service providers to enact proper security measures. According to the Cloud Security Alliance, true data security comes from “adopting and adhering to best practices and standards that create a secure environment – secrecy is best left to end users protecting their passwords and login credentials.” This means that security must be established in partnership between users and cloud service providers. Users must do the work of securely hosting their plaintext encryption keys while encrypting and highly sensitive data before uploading it to the cloud. For cloud service providers, they should be upfront with consumers in their marketing efforts when describing their security measures.
Unless cloud providers can offer truly secure solutions, businesses may abandon the cloud trend altogether. Recently at the MIT Sloan CIO Symposium, CIO Scott Blanchette of Vanguard Health Systems Inc., claimed that “the traditional argument that cloud-based software is beneficial because it allows IT leaders to tap into their operating budgets rather than requesting capital for software and hardware investments hold less water in a low-interest-rate environment when ‘money is essentially free.’” Cloud service providers must find a way to provide actually private storage, protecting user anonymity otherwise as Mr. Blanchette says, “If the solution isn’t better, faster or cheaper than what I have organically, it’s not an attractive alternative other than risk transference.” Fundamentally, as GigaOM contributor James Urquhart puts it, when it comes to the cloud “transparency is essential.”
With open source technology like OpenStack and movements like the OpenGov Foundation, consumer demand for transparency is on the rise. While cloud providers can’t realistically or safely disclose their codes, they can at least be honest about the level of security they provide, while helping their users understand how their data and passwords are being protected. As it stands, many security experts are still uncertain as to cloud safety and have held off on advising businesses to make the switch. At the SecTor security conference, Executive Director of the Cloud Security Alliance (CSA), Jim Reavis, answered the question of whether or not clouds provide better security for businesses than traditional IT. As Reavis said, “It’s not like we think that any outsourced cloud provider is less secure than our own infrastructure…It’s just that we don’t have the same transparency…The informed consumer is a missing component in making cloud providers more transparent in terms of what they are doing…That is the only way we’d be able to know and provide assurance that that appropriate service is being delivered.” Once again, transparency is highlighted as the missing component keeping companies back from switching to the convenience and cost savings of the cloud. But as Reavis says, the demand must come from consumers, “We can’t do it as individual companies, where we have less and less ability to influence a cloud provider…So we have to work together.”
Transparency & Private Cloud Solutions
Most cloud services on the market have security gaps that leave company and user data wide open to third party attacks and even internal data mining. One company leading the way in transparency is the anonymous cloud storage and sync service SpiderOak. This cloud service provider offers the full benefits of the cloud along with 100% data privacy for businesses and the average user looking for reliable online storage.
As for just how they protect user data, SpiderOak offers two-factor password authentication and 256-bit AES encryption so that user files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN to log on in as an extra precaution along with a password. With SpiderOak, users that select two-factor authentication submit their private code through SMS as well as their individual encrypted password. Users can store and sync with complete privacy, because this cloud service touts its “zero-knowledge” of user data. User plaintext encryption keys are only stored on the user’s chosen devices, so users are put back in control of their data. SpiderOak’s private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.