Cloud computing security can be a conundrum. The point of using the public cloud is to outsource certain infrastructure and application needs to third party providers. But how can you protect your data once it leaves your perimeter?
Luckily for organisations looking to adopt the cloud, securing sensitive information outside the corporate walls isn’t as daunting (or as impossible) as it may appear. Technologies exist to enable cloud computing security strong enough for companies to remain in compliance while taking full advantage of cloud’s flexibility, agility, and economies of scale. Avoid these common pitfalls for a secure cloud experience.
Pitfall 1: Who’s responsible for security?
The assumption that the responsibility of securing the cloud rests with your cloud provider is a problem. Don’t assume that because it’s the cloud provider that houses the data, it’s their responsibility (and legal liability) when it comes to securing the information there.
It stands to reason but isn’t true. The Australian Privacy Principles, which came into effect in March, specify that if data is disclosed to a third party provider, the organisation can be held liable for any breach by that third party.
Despite providers taking security very seriously, in the event of a breach of your organisation’s data, your organisation will be still be held liable, which can lead to extensive fines. Encryption has become a core solution for protecting data in the cloud and securing organisations against data breaches.
Pitfall 2: Not encrypting enough
There’s a common misconception that the key vulnerability lies in the public internet connections between your perimeter and your cloud provider’s.
Unfortunately, encryption in transit, thought a good step, isn’t enough. It secures the networking tunnels from would-be eavesdroppers. But the data remains in its original clear text form. So in the aftermath of the MUSCULAR disclosure, where NSA had tapped into Google and Yahoo networks, encrypting the tunnels could still leave the data vulnerable to a skilled hacker.
Pair this capability with strong encryption for the data itself before it moves into the cloud so that any unauthorised user will only see gibberish if they breach the tunnel encryption.
Pitfall 3: Forgetting your neighbours
As one of many customers of a public cloud provider, you’re analogous to a renter in an apartment complex. Multi-tenancy can raise cloud computing security issues. Fortunately, taking steps to secure your data addresses those issues. Choose a cloud data encryption solution that gives your organisation exclusive access to the encryption keys. This way, even if your data is inadvertently leaked or disclosed, no one can read it or do anything with it without your knowledge and consent.
Cloud computing security concerns can make companies hesitant to adopt the cloud, but they don’t need to be. There is a solution to the data privacy challenges created by the cloud – and that solution is control. Maintain control of your data from the moment it leaves your perimeter throughout its lifecycle in the cloud and maintain control of your encryption keys. This way, your information can remain safe, wherever it goes.
Paige Leidig is senior vice president and chief marketing officer of CipherCloud