One of the main concerns of the cloud is how secure their data is. When a company uses a cloud service they have no choice but to trust the provider with their data. Some recent attacks have shown that some cloud providers are not as secure as they need to be and that puts your data at risk.
This year alone (2012), a majority of the cloud provides have had some issues with their services. It has ranged from hackers to natural disasters; data has been exposed or has been unavailable. This has happened in prior years also. Consider this, in 2011, Sony Entertainment had nearly 77 million accounts hacked, exposing user’s information, Dropbox had numerous service outages, and Gmail had a 30 hour outage that resulted in 44,000 accounts being lost.
This just shows you that cloud providers and their systems are vulnerable.
Despite numerous attacks and problems, the data centers where cloud providers locate their servers are physically secure. Google’s has released a security video that is a good example of how secure the physical locations are.
When you are looking at hosting your data on the cloud, you also need to consider the following elements.
- Privacy of banking, social security numbers and other details
- How services outages are handled and uptime guarantees.
- Confidentiality of your information, what controls are in place and who can access it.
- Physical and network security. How are they securing their datacenter and the systems in that datacenter?
By focusing on these four factors cloud providers are able to provide close to 99% security.
A risk still existing and that can come from inside your company and from your employee’s. Just about every cloud service requires a username and password to access the service. The hackers and scam artists know this and will use this vulnerability to obtain access to the data. They can also use this same information to hit numerous cloud services as people generally use the same username and password for all websites. That is why it is a good idea to use a separate username and password for the various websites you access.
If your company utilizes a cloud service a number of factors that you need to be consider when it comes to security:
- Liability for sensitive data stored in the cloud rests with your company, not the provider. Make sure you have a good insurance policy, contact your insurance company.
- Cloud vendors should be able to provide reports written by a neutral third party on the security of their service. These should be taken into account when looking for a provider. This is typically called a SAS 70 certification and the Datacenter should be SAS 70 certified.
- You should be taking steps to backup data stored in one cloud to either a different cloud or even to a physical location.
- You should establish a process that makes your employees to change their passwords at least every three months and not allow them to use the same password
Do you have cloud solutions in your company? If so let us know what your concerns are about security?