What to Look for In Cloud Security

Is your data in the cloud? Right now as we speak billions are being invested my major corporations to store and back up data in the cloud. It’s cheaper and it’s safer.

When you think of a cloud, do you picture fluffy white pillow-things that float in the sky without a care in the world? “The cloud,” as it relates to technology, actually refers to millions of servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices. We can only hope that they are under tight security.

Data stored on your computer is kept together, in one nice little controlled place. Whereas data stored in the cloud is spread out, all over the world. But what’s more secure, your local PC or a server in a dark room in Des Moines?

The reality is that all cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Then there is Murphy, of Murphy’s Law: what can go wrong will go wrong. And with technology, there is much that can go wrong. CNET recently reported that Amazon’s cloud was down for almost two days. “In April, the cloud storage service experienced a two-day outage that brought many Web site operations to a halt. When a cloud-computing provider has trouble, of course, it raises worries about the dangers of outsourcing operations to another company.”

Cloud-based data is vulnerable both in the cloud, where it’s stored, if it is not properly protected and encrypted, and in transit, via your own Internet connection.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

Some providers offer two-factor authentication which is another good way to protect the integrity of cloud-based data, making hacking more difficult than obtaining a simple username and password.  To remind, two factor authentication means you have to use two different things to prove your identity.  Typically this is something you have, like an ATM card, and something you know like a PIN code.

Computer users are responsible for the security of locally stored data, and data that is transmitted via their Internet connection. They can avoid phishing and social engineering scams. But beyond that, they are reliant on the cloud provider to adequately secure their data. Have you checked with your cloud provider yet on their security measures?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures