
Cloud computing brings a myriad of
benefits for any enterprise, but it is also a cause for concern in a world
where, according to InformationWeek,
cyber criminals are now targeting "any company where they can find data to
resell, disrupt or exploit."
Moving your company's sensitive
data into the hands of third party cloud providers expands and complicates the
risk landscape in which you operate every day.
In order to understand what
concerns should be given emphasis in your cloud security strategy, you need to
understand what you can't afford to lose and what can protect you.
Understanding what you
can't afford to lose
Data breaches, according to the
Cloud Security Alliance, are the top cloud computing security threat for 2013
and beyond. Sensitive data can be of enormous value to a hacker, so you need to
consider what sensitive data you are storing in the cloud.
This might be anything a criminal
can use to determine or steal someone's identity, such as personally
identifiable information (PII) like full names, addresses, birth dates, some IP
addresses, and online logins and passwords; and financial information such as
bank account numbers and PINs. Furthermore, you should consider any
confidential corporate information you might share in the cloud.
Essentially, ask yourself
"What do I have that others might want?" and "What do I have
that I can't afford to lose?" Data privacy regulations often demand public
breach notifications in the event of a malicious data breach or inadvertent
data loss – particularly if the information is in the clear.
If your security strategy fails
to protect sensitive data, your enterprise could face severe consequences in
terms of business and reputation loss as the result of disclosure.
Understand what can
protect you if you do lose your data
Businesses migrating to the cloud
should lock down any sensitive data before it leaves the premises. As the
Snowden leaks indicate, third party cloud surveillance is ubiquitous, so the
more open your data and access policies are for harvesting, the greater the
risks to your cloud security strategy.
Deploy an encryption scheme that
provides limited, controlled, enterprise-exclusive encryption key access. When
you retain exclusive control of your encryption keys, you eliminate that
concern of a data breach regardless of where your data resides or how many
copies of it exist.
In many jurisdictions, a breach
of strongly encrypted data to which the enterprise holds the key does not
require public notification.
Even the systems you and your
CSPs may have in place to prevent accidental erasure of your data can pose
dangers to your enterprise's data privacy.
While backups, redundancy and
other failover strategies protect against data loss due to deletion or system
failures, they also create extra opportunities for the theft of this data that
you consider important.
Keep in mind that, if you
terminate your services with a particular CSP, you can never be certain the
data has been digitally destroyed.
Moving to the cloud need not be
complicated. An important element is for businesses to decide what data to put
in the cloud – and then to encrypt it and retain the keys.
The solution proposed by James Munson, head of IT at UCAS, was radical: it would shift much of its computing services to the cloud. Not only that, but it insisted on a contract that would enable it to ramp up its compute capacity in August when it was all-action, and reduce it (and the price) for the rest of the year when the service is quieter.
ReplyDeletegta 5 apk