This is part two of our look at whether or not we can trust the cloud. My last post, about service reliability in the cloud, concluded that you can. But what about the issue of data security? Can you trust the cloud to keep your data secure?
Perhaps a better question is: Should you rely on the cloud to keep your data secure?
According to a survey of 4,000 IT and business managers, two-thirds of the people who use or plan to use cloud services believe it’s primarily the cloud service provider’s responsibility to protect their data. While I agree that the service provider should provide a degree of protection, I disagree that theirs is the primary responsibility. That falls to the organization using the services.
It only makes sense that the people or company collecting or creating sensitive information should ensure its safety. Here are some simple things you can do to help keep your information secure.
Use Secure Passwords
Just as you wouldn't use the root password "letmein" on a server you colocated in a data center, since that would effectively give anyone in the data center access to your server, you shouldn't use such weak security on anything in the cloud. Doing so effectively grants your cloud service provider physical access to your data.
Multiple sites have been hacked and their users’ passwords posted publicly to show the feat. Two such breaches from the past few years, at RockYou.com and LinkedIn.com, show why password security is important: many of the most common passwords were the same on both sites. 123456, iloveyou, princess, and various first names were all among the most common passwords from both. Make sure that your password policies don’t allow for such simple, common passwords. Your passwords are the locks and keys to your data.
If you're worried you (or your employees) won't be able to remember your passwords, a good password manager, such as KeePass*, can help.
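One way to enforce the password policy described above, as an added example that is not part of the original post: it rejects passwords built on a denylisted word even when the word is padded, repeated, or disguised with character substitutions. The denylist is a constructed sample (the passwords named in this post plus two stand-in first names), and the length and padding thresholds are assumed values.

```python
# Constructed sample denylist: passwords named in the post plus two stand-in
# first names. A real policy would load a full list of breached passwords.
COMMON = {"123456", "iloveyou", "princess", "letmein", "michael", "jessica"}

# Reverse common character substitutions ("Pr1nc3ss" -> "princess").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12   # assumed policy value
MAX_PADDING = 4   # assumed: extra characters tolerated around a common word


def denylisted_base(password):
    """Return the denylisted word the password is built on, or None."""
    lowered = password.lower()
    for form in (lowered, lowered.translate(LEET)):
        for word in sorted(COMMON):
            # Flag the word when it is present and almost nothing else is:
            # covers padding ("princess2024") and repeats ("princessprincess").
            if word in form and len(form.replace(word, "")) <= MAX_PADDING:
                return word
    return None


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    base = denylisted_base(password)
    if base is not None:
        problems.append(f"based on common password '{base}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "Pr1nc3ss2024", "1L0v3Y0u!", "princessprincess",
               "correct-horse-battery-staple"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

A long passphrase that merely contains a denylisted word among other words is still accepted, because the remaining characters exceed the padding threshold.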
Encrypt Sensitive Data
Sensitive documents that sit on your laptop or a flash drive would most likely be encrypted. You should do the same for information you store in the cloud. You can use open-source encryption software such as TrueCrypt*.
Train Your Employees
Chances are, not every employee needs access to all information. However, any of your employees who have access to secure data should be trained on data security best practices. Those employees with higher access should have more specialized training.
Monitor Data Security
Gather analytics about use of, and access to, secure data. If possible, set up alerts that notify you if there is unusual activity.
All of this isn’t to say that your cloud service provider shouldn’t provide security for your data. Rather, it’s a reminder that, ultimately, you are responsible for your own data. That said, one of the most important things you can do to protect whatever you store in the cloud is to ask about and understand the security offered by your cloud service provider.
A reputable service provider will be willing to answer your questions.
So can you trust the cloud when it comes to data security? I say you can trust it as much as you can trust any tool, which is all the cloud is - a tool. You have a lot to say in just how secure your information will be, so make it as secure as possible.
*Neither FRII nor the author has any affiliation with KeePass or TrueCrypt. FRII does not officially recommend these products. They are mentioned here simply as examples of free, open-source software available for these applications.