History shows that data breaches can cause businesses millions of dollars in losses. The breach may not be done with an intention to commit fraud or to steal intelligence, yet it can create mistrust among customers and partners. Therefore data security must be taken very seriously. Also, if data security breaches are publicly disclosed it will lead to negative public perception, loss of customers and expensive damage control against lawsuits and so on. So, it is no wonder that data security issues are gaining a lot of attention and data security has risen to the top of IT and compliance officers lists in enterprises.
Cloud computing, which puts mission critical data into the hands of third party vendors, makes it imperative that data security is made absolute. The security risks are self evident as the basis of cloud computing stipulates that the customer and the vendor create a trust relationship. The customer must trust the vendor to ensure that their data security is never compromised. However, the nature of the technology provides no guarantee of security. Cloud computing service providers must allow sharing of physical resources to maximize the efficiency of multiple virtual machines in a virtual environment.
A recent research conducted by MIT on Amazon.com’s Web Services, which is a public cloud network, shows that cloud computing is vulnerable. Cloud cartography or using the physical locations of servers in the cloud to exploit vulnerabilities is gaining ground. Attackers can use side channel attacks to extract information or corrupt data in the cloud. Private networks in the cloud could also be vulnerable if extra security is not in place.
It follows that the question that is uppermost in the minds of customers is: “Is it wise to continue to store mission critical data in the cloud?”
While it is true that several security threats are yet to surface and solutions are yet to be found for potential threats that have been discovered, cloud computing provides economies of scale, flexibility and on demand storage and access services that cannot be ignored. Therefore, while cloud computing vendors struggle to define new security protocols, customers must learn to ask the right questions and to evaluate vendor services from the security standpoint, before migrating their data into the cloud.
Customers must demand transparency in vendor security programs. They should ask the relevant questions in regards to qualifications of the security policy makers, architects, coders and operators. They should examine the risk control procedures; technical mechanisms and the levels of security testing that is currently in place. They should also check out whether the vendor is aware of vulnerabilities and has provided for recovery from unanticipated vulnerabilities.
Potential customers of cloud backup services should ask the following basic questions before they pick a vendor:
1. Where is the location of the data?
2. How is data segregation ensured?
3. What is the long term viability of storing data with the vendor?
4. What are the user access protocols in place implemented for data management?
5. What procedure does the vendor have in case of a disaster?
At Keepit.com, we take security very seriously. Our parent company, Cohaesio, has been providing web hosting services for hundreds of thousands of clients since 1996. We have a very high security standard in place, backed by IBM hardware and state of the art data center.
