Security Considerations when using the Public Cloud

As we reach the end of our five part series on “Secure Cloud Adoption in the Enterprise”, we thought it would be useful to summarize the discussion and also leave with you a few important things to consider when you make the decision to use the public cloud.

Clichéd as it may sound, Security and Privacy are probably two of your most important considerations as an IT executive.  This becomes all the more important at a time when it seems the entire world is moving to public cloud based storage, with enterprises willing to have their data be stored with a third party. The benefits to this trend are many, but so are the risks.

As innocuous as it may seem on the surface, when your organization’s data is with a third party, no matter how trusted they are, there is always a possibility that it can be used in unintended and (sometimes unscrupulous) ways. Though most of the time, cloud service providers will claim that your organization or employees are not identifiable by the information they provide, you can’t ever feel completely at ease when your enterprise data isn’t private.

The problem arises when the data is used for purposes you didn’t anticipate.  What happens when the cloud provider hosting your organization’s data is bought out by another? Worse still, what happens when there’s a security leak that allows anyone to look at your enterprise’s files stored on the cloud?  There have been many instances in the recent past where organizations and individuals have had their data compromised.

Former Google Chief Executive, Eric Schmidt is on record saying “I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that, that information could be made available to the authorities.”  This is unfortunately, a pretty standard position towards privacy that most public cloud vendors are forced to take.

As we move more and more into a cloud based ecosystem, almost all your enterprise data is stored on servers several miles away. You don’t have any control over how many copies are created, or backed up. You don’t even know for sure whether the data is actually deleted when you ask for it to be deleted – or if all copies of it got deleted.  You simply have no control.

Security and Privacy aren’t just about having all of your data confidential; it’s about having control over who gets to see what, what happens to it and deciding when it should be destroyed.  We at Parablu believe that under no circumstances should the owner of the data lose control.

 

So, what are some steps you can take as an IT executive to protect yourself and your organization?

  1. Make educated choices about what your company is putting on the cloud. There may be certain types of data and workloads you can easily put on the public cloud and some others that you may not be comfortable with.  Many public cloud vendors assume that you, as a customer are making that choice when you decide to let them host your data or workloads.
  2. Verify the credentials of the cloud provider and along with SLAs and other parameters check out their security practices. Most importantly, read their Privacy Policies.  Many times, privacy policies aren’t so much about ensuring your data’s privacy as they are about listing what rights the cloud provider has to do what they’d like with your data.
  3. Consider your encrypting your data and your workloads on the cloud – to ensure privacy and prevent misuse of your data.
  4. Look at technologies like CASB. A privacy gateway or secure storage gateway can help encrypt your data on-premise before it leaves to go to its public cloud destination.

At Parablu we are fanatical about cloud security. We want to take this opportunity to reinforce our commitment to our users to keep their data safe and secure no matter where it lives.

http://www.parablu.com

References:

http://en.wikipedia.org/wiki/Eric_Schmidt

http://www.huffingtonpost.com/2010/11/04/google-ceo-eric-schmidt-privacy_n_776924.html#s170420

https://www.dropbox.com/privacy

https://www.dropbox.com/help/27/en