The Risks And Benefits Of Remote Data Storage
Ever since it was revealed recently that an unsecured database was discovered online that listed 87 million Mexicans’ personal details, safety of the cloud has come under scrutiny once again.
This personal information was found in a database on an Amazon Web Services cloud server. The information has since been taken offline.
However, a BBC report found that a majority of significant data breaches that have occurred over the past five years, from Target to TalkTalk, Ashley Madison and Sony, have been from internal databases and not cloud-based ones.
Cloud computing, which involves storing applications and data remotely instead of on your physical premises, can significantly speed your operations up and dramatically cut IT costs. In addition to being able to tap into a wide array of cloud-based services, it can also help you get new products developed more quickly, and potentially provide you with an edge over your competitors.
The greatest risk is having someone else control your data through the use of various data centres located in remote places. If a breach ever does occur, then potentially your data may be stolen, corrupted, wiped or lost.
To prevent this from happening any information that is stored in the cloud needs to be encrypted to protect it, both when the data is in transit as well as when it is on the cloud servers and “at rest.” However, whether or not this always take place is now in doubt given incidences such as the Mexican data breach. The BBC report found that Amazon Web Services, which is the largest public cloud platform provider, includes over 1,800 security controls to govern its services. Customers have the ability to control their encryption keys if desired, in addition to setting the rules for who may access their applications or data.
The report also stated that customers are given the option by major cloud providers to manage their own encryption keys, which means no one from the provider can obtain access. A hybrid approach is being adopted by some companies – where a private cloud is used for storing more sensitive data and other applications and data are stored in the public cloud.
Despite the benefits and increase in public cloud platforms being offered by such companies as Google Cloud, Microsoft Azure and Amazon Web Services, according to the report less than 10% of the data in the world is stored in the cloud currently.
Some argue that we are still in the early days of the cloud and that numerous companies are still risk adverse.
In a recent discussion at the Cyber Security Professionals exhibit in York, Steven Howe of Amethyst MD talked about how people have numerous questions about using the cloud, such as if anyone knew where the cloud was – in Syria, China, the UK? Who else shares the cloud?
He added that it’s confusing. A cloud appears to be safe, nice and fluffy – but really isn’t. It is somebody else’s computer.
Concerns about data privacy, especially in Europe over matters like the rescinding of the Safe Harbour data sharing agreement has resulted in providers increasing offering to host data within their customers’ own area. Data centres may be located anywhere in the world. However, firms frequently want to have their data kept close to them.
A cloud provider, first and foremost, needs to understand your business. Potential customers need to be sure they have a good understanding of the regulatory requirements that govern data and that it can be proven that they can do what they say.
The full BBC report can be viewed here