Why Secure Cloud Storage Is A Necessity For Business Information & Customer Data
Implementing Secure Cloud Storage strategies is becoming a necessity. Storage of business information and customer data is growing in popularity. The benefits of cloud storage seem to far outweigh the risks, making cloud storage an attractive solution. Among the main advantages are drag and drop file transfers, file accessibility from any device, cloud file linking capability, off site storage for disaster recovery and the relatively inexpensive cost of cloud storage. But, when choosing a cloud storage solution for corporate use, understanding the hidden risks is essential.
Does your corporate cloud storage satisfy the core principles of an effective information security program? Can it ensure the confidentiality, integrity and availability of your business information and customer data? If your organization has, or is planning to, implement Dropbox, AWS, Azure, Office365 or similar cloud storage solution, please consider the information below carefully before making your decision.
Implementing Secure Cloud Storage Strategies:
Control & Security:
Cloud storage providers control several essential facets of data storage including where and how your data is stored, and who can access your data. The provider essentially has complete control over your stored information once it’s on their servers. Your expectation should be that the cloud service provider will, at a minimum, protect your business information and customer data as effectively, and with the same level of care, that your organization extends. Cloud provider oversights and threats such as misconfigurations, server permissions errors, a rogue insider, a careless employee and/or a data breach, put your information at risk. So, it’s important that you carefully review the cloud storage provider’s control and security protocols, and ensure their effectiveness, before entrusting them with your valuable information.
Multi-factor authentication is a necessity when storing business information and customer data! Why? Multi-factor authentication makes it more difficult for your cloud service provider credentials to be stolen. And, it also helps to prevent unintentional access by unauthorized employees (both current and former). Properly securing cryptographic keys and changing the keys periodically is also critical. Weak APIs and interfaces also put your data at risk. The chosen cloud storage provider must utilize current, effective authentication and authorization processes that minimize the risk of unauthorized access to your data.
Some, but not all, cloud storage providers use end-to-end encryption. Unless all of your information is encrypted before it is sent to the cloud, your business information and customer data is at risk during the transfer. In addition, business information and customer data stored on cloud provider servers must be stored encrypted. So, when migrating to the use of a cloud storage provider, it’s imperative to institute “data at rest” encryption prior to data transfer to the cloud, and to ensure the cloud storage provider continues to store your data in an encrypted state as well.
Unless the cloud storage provider stores your information in a private cloud, your information is stored on a server with the data of other users. This increases the risk that your data can be compromised. So, the security of your data now also becomes subject to the risks imposed by an unknown and uncontrolled entity. If you do opt for a corporate cloud storage solution, private cloud storage is the optimal choice to avoid unnecessary risks.
Legal & Regulatory:
The legal posture taken by the cloud service provider, concerning access to your data and regulatory violations should be carefully examined. The cloud service provider must protect your legal rights and ensure they take legal responsibility for their failures to comply with regulatory requirements. Being aware of the legal posture of the provider, and carefully considering the potential ramifications for your business and your customers, are an important part of the decision process.
Cloud storage providers maintain an enormous amount of data within their environment. As information repositories, they are at an elevated risk of hacking. The potential reward for a hacker is significantly higher because of the sheer volume of accessible data in this private cloud. Careful review of the cloud storage provider’s data breach history, hacking hardening and overall cyber security program should be part of the corporate cloud storage provider selection process.
The risk of unauthorized government access or access without knowledge to the corporate officers exist that is not present if your data is securely stored in-house. If your business information or customer data is stored outside of the United States, the risk of nation state sponsored economic espionage should be considered as well. Note that data security laws vary by nation, so careful consideration of the related risks and ramifications is important.
Outages & Continuity:
While off site cloud storage can be beneficial in times of a localized disaster, the opposite is true if your cloud storage provider is affected by a natural disaster that results in your data becoming inaccessible in the short or longer term. As well, Internet connectivity issues can leave your business information and customer data inaccessible. Weighing the benefits of cloud storage against the risk of inaccessibility should be part of the decision process.
Secure Cloud Storage Solutions:
Secure cloud storage solutions should utilize the most advanced technology and processes to monitor, secure and protect your business information and customer data.
- The latest encryption and communication protocols
- Fast threat detection (within 24 hours, not 7 months)
- On-line safe room (with only one way in and one way out for your data)
- Virtual servers and live databases for isolated testing, research and development or disaster recovery
- Advanced protection from Distributed Denial of Service (DDoS) attacks
- Endpoint security integration
- Cyber counterintelligence experts who become trusted advisors, monitoring your organization’s risk posture and performing continuous advanced malware monitoring
The contrast in the level of security and technological advances of secure cloud storage versus personal cloud storage solutions is stark.
When selecting a cloud storage provider for your business, it’s vital to carefully weigh the risks versus the anticipated benefits. Carefully vetting the cloud storage provider can help your organization avoid the legal, regulatory and/or financial ramifications resulting from inadequate controls, unauthorized access, and lax cyber security. While cloud storage is a popular method of storing critical data, it is not without inherent risks. Minimizing corporate risk by using a secure cloud storage solution for business information and customer data is key to effective cloud data security.
About the Author:
Jarrett Kolthoff has over two decades of experience in the Information Security field. He is a former Special Agent with U.S. Army Counterintelligence. His expertise includes cyber investigations, counterintelligence, and Fusion Cell analysis. Jarrett currently serves as President/CEO of SpearTip LLC, a global cyber security and cyber counterintelligence firm with its corporate headquarters in St. Louis, Mo.