07/05/2015
Analyzing the sensitivity of your data and your enterprise needs will help you determine whether it’s time to get out of the cloud and install a private cloud solution on your own servers. We’ll take a look at the types of data that you should avoid storing in the cloud, the risks of using cloud solutions, and the benefits of a private cloud solution when you need to get out of the cloud and into a much safer and more secure data environment for your company.
Of course, it may seem like common sense not to transmit these types of data to the cloud and store them there—particularly for companies that want to protect the privacy of their customers and employees, the confidentiality of their enterprise data, and their intellectual property and critical business information. But the alarming reality is that companies are increasingly entrusting data to the cloud and are not fully aware of what information is being stored and shared.
For example, in a recent study published in 2014 by data security researchers at the Ponemon Institute, IT and IT security professionals estimated that 36% of business-critical applications are running in the cloud, and 30% of business information is now stored in the cloud. But 15% of those applications and 35% of that information are not visible to IT.
In particular, file synch and share (FSS) solutions are becoming increasingly popular among companies and employees due to their benefits in providing large-scale data storage with convenient sharing tools and mobile access to files and data. This, of course, poses serious potential for abuse, misuse, and security lapses that could lead to a damaging data breach.
In a recent Harris poll and survey report published by Intralinks, 84% of IT decision-makers agreed that “the adoption of free FSS products by employees creates a potential security problem,” and 46% agreed that “data is leaking from my company due to unmanaged use of file-sharing products.”
Worse yet, even with approved cloud services and visible cloud usage, IT and data security professionals have expressed a significant lack of confidence in the security of company data.
More than half of the respondents in the Ponemon study said that the use of cloud-based services increases or significantly increases the likelihood of a data breach, and 69% did not agree that their organization’s cloud service providers use enabling security technologies to protect and secure sensitive and/or confidential information.
Whether you’re actively using cloud data storage solutions and aware of usage within your company or you’re dealing with rogue users and cloud activity that is invisible to IT, every company should take steps to ensure that sensitive data is never transmitted to the cloud or stored there. None of the types of data listed above should ever be entrusted to the cloud due to a number of critical risks, which we will examine next.
There are a number of critical security vulnerabilities and drawbacks involved in using public cloud FSS solutions such as Dropbox, Box, iCloud, and Google Drive.
1. Someone else is protecting your data
When you use a third party service for cloud data storage and file sharing, you are leaving the security of your data to someone else. Of course, many advocates of cloud data services point out that cloud providers often have more resources and greater technical expertise than your company may have, so they can provide a level of security that you may not be able to achieve on your own. This may be true, but you don’t have to go into the public cloud in order to gain those benefits, as we will explore shortly. Also, while it is in the best interests of cloud providers to protect your data, that doesn’t give you any guarantee of success or true vigilance.
As Steve Santorelli, manager of Internet security research group, Team Cymru, told Business News Daily, “No business is ever going to be as rabid about looking after your data as you would or should be. They are in the business of making money from you, after all. The downside is that you are abrogating responsibility for your data. Someone else has access to it and someone else is responsible for keeping it safe.”
This means that you are at the mercy of a third party provider. And, to illustrate the risk of this, consider the incident in June 2011 when Dropbox, for a period of four hours, inadvertently allowed access to any account without requiring the correct password. Despite a quick correction to resolve the problem, the lapse by Dropbox highlighted the ways that depending on a third party public cloud provider can open companies to disaster.
Naturally, due to their high profile and the sheer amount of data that they store, popular cloud file sharing and data services are a prime target for hackers and cyberattacks. And the open nature of their services provides ample opportunity for malicious activity.
As Mike Chapple, Senior Director for IT Service Delivery at the University of Notre Dame has pointed out, “Cloud data storage solutions may be more susceptible to hacking attacks. The open nature of the service means not only that users can access their data from anywhere, but also that attackers have greater opportunity to attempt that same access.”
And, while cloud providers have generally done a fairly good job of handling security, any success forces potential attackers to become more creative. And this has led to the use of phishing schemes and other tactics in an attempt to hack user accounts and gain access despite protections applied to the servers and data. Once a hacker can gain access to a user’s credentials, then no amount of cloud security will help, as happened in the case of the infamous Apple iCloud hack, which led to the exposure of personal photos belonging to celebrities. While iCloud itself was not breached, its user accounts were, and the end result was still a huge loss of sensitive data by the victims.
3. Shared servers
Using public cloud data storage solutions means that your company data will be shared with the data of other companies on the same server. This creates an incentive for cyberattacks because it offers an opportunity to wreak havoc and steal data in bulk and from multiple companies if the server can be breached. It also makes your company’s data highly vulnerable to distributed denial of service (DDoS) attacks that can cripple the server and prevent you from accessing your business data when you need it. Public cloud storage creates a single point of failure that is shared by your company and every other whose data is stored on the server. In contrast, by keeping sensitive data on your own servers or using a private cloud solution and ensuring redundancy and backup, you can eliminate the risks of using shared servers for data storage and file sharing.
4. Rogue employee behavior
Of course, when you’re using a cloud data service for file syncing and sharing, it is often all too easy for a rogue employee to share sensitive files and data with unauthorized persons outside your company. A single employee might potentially give an unauthorized user access to your entire cloud. This can happen with disgruntled employees and those leaving your company, and it can even happen accidentally by inviting the wrong email address or user ID to share a file or folder. By staying out of the cloud and considering alternatives such as a private cloud solution with stronger access controls, better permission and administrative controls, and auditing and reporting tools, you can gain greater control over user access and user activity while virtually eliminating the prospect of rogue data exposure.
5. Government intrusion
Of course, we know from recent reports of spying activity by the U.S. National Security Agency and similar agencies in the UK, France, and Germany, that the use of public cloud technology could pose risks due to transmitted data being intercepted in transit or breached from cloud servers. Documented collaboration between government agencies and technology providers, whether by force of law or voluntary participation, has made this a very real concern for privacy advocates and even for some companies that may be worried about just how private their data, communications, and transmissions may be. By avoiding the cloud, companies can reduce the amount of data being transmitted over networks and stored on servers that may be compromised by government intrusion and monitoring.
6. Legal liabilities
As data breaches have increased in number, so has the number of lawsuits filed against companies for failing to protect sensitive data. According to Robert J. Scott, managing partner of Scott & Scott LLP, who shared his insights with Business News Daily, “Data breach incidents are on the rise, and so are lawsuits. The latest risks to using cloud for business are compliance, legal liability, and business continuity.”
To the extent that your company stores sensitive data in the cloud, your risk of a data breach and a damaging lawsuit will almost assuredly rise with it. The best way to protect yourself against legal liabilities stemming from cloud data breaches is to get out of the cloud and operate a private cloud solution on your own servers.
It is important to analyze the type of data that you currently store and share in the cloud, and you can always weigh the risks of public cloud services against their benefits when deciding what is best for your company. Often, companies decide to accept the risks of a public cloud solution because they believe that the convenience, accessibility, and performance outweigh the potential drawbacks if something goes wrong. They believe that securing their sensitive data would require them to sacrifice the benefits of a cloud service. But this is not the case because there is an alternative that can deliver the strongest possible security for your data without sacrificing the core benefits of the cloud.
With a private cloud solution, a company can get the same convenience, accessibility, and performance of a public cloud service without all the risks. And, most importantly, your company can maintain complete control over your data and all access to it, while still providing tools that help your employees collaborate, share files and data, and get things done.
Here are the core benefits of investing in a private cloud solution and getting out of the public cloud.
1. Total control of data and user access
With a properly engineered private cloud solution, you can get professional, enterprise-class data security with next-generation authentication, powerful encryption, and access controls that give you total control over your data and user access. For example, mobile authentication with public key cryptography can be used to protect your user access with unhackable cryptography that physically eliminates the possibility of hacking, phishing, or malware being used to compromise the user logins for your private cloud. Also, AES-256 encryption can be applied on all levels, at every moment of transfer and storage, to ensure that your data is never transmitted or stored in decrypted form. And full administrative and access controls allow you to manage permissions and access levels from the user level all the way to the individual file or folder.
2. Expertly engineered security without trusting third party public cloud providers
With a private cloud solution, you get the benefits of enhanced security engineering and professional cryptography without trusting the day-to-day monitoring and vigilance of a third party public cloud provider. You can bring world-class cloud security into your own company environment, under the control and administration of your IT staff, with advanced cryptography that is designed to keep your data where it belongs.
3. Secure cloud on your own servers, behind your firewall
Using a private cloud solution, you can install a file sharing, file storage, and messaging service on your own servers and operate it behind your firewall. It can be delivered as a turnkey virtual appliance or configured with an existing database server or by using a free database server. And a private cloud can support Windows, Linux, Java Runtime capable operating systems, and a wide variety of databases, from Microsoft SQL and IBM to MySQL, Oracle, PostgreSQL, Derby, and more.
4. A single, private cloud to store and share everything
When you use a private cloud, you can store, share, and transmit data through a single cloud solution, keeping all of your data in one place, with redundancy and backup, rather than worrying about keeping sensitive data on your servers and storing less sensitive data in a public cloud. You can keep it all in one place, with convenient access and the ability to share through additional user accounts or private access links.
5. Centralized administration, auditing, and reporting
A private cloud offers centralized administration, under the control of your IT staff, with capabilities that include full auditing and reporting. Thus, you can administer your private cloud, control all user accounts and access levels, and generate and maintain complete audits and reports of all activity. This is vital for meeting various regulatory and industry compliance standards, but it’s also a best practice for monitoring access to your sensitive data and employee activity related to this information.
6. Reduced latency
By running a private cloud on your own servers, you can reduce latency and enjoy the high-speed performance of storage and sharing through your own network. This avoids the risks of DDoS attacks against public servers and slowdowns due to shared server traffic.
7. Intranet capabilities
One of the unique advantages of going to a private cloud is the ability to configure it to run on your company Intranet rather than transmitting and sharing via the Internet. This is an ideal option for companies that may want to completely avoid transferring and sharing data online.
8. Integration of data storage with other enterprise applications
A further advantage of a private cloud over a public cloud solution is the ability to integrate it with your other enterprise applications for secure data storage. Using simple code, you can configure your other applications so they store their data securely in your private cloud, with comprehensive encryption to protect the data at all times of transfer and storage.
9. Meeting and exceeding current and future compliance standards
As mentioned previously, control of access to your data and ensuring the privacy and security of your data is critical to meeting regulatory and compliance standards, such as HIPAA for healthcare organizations, PCI for anyone handling payment information, and FIDO Alliance specifications for next-generation authentication. With private cloud features such as out-of-band two-factor authentication, AES-256 encryption at every moment of transfer and storage, and complete auditing and reporting capabilities, your company can not only meet these compliance standards but exceed them and stay well ahead of future developments as data security requirements are sure to be strengthened.
Ultimately, the choice is yours. But if your company wants to avoid storing sensitive data in the cloud and is wary of the risks of using public cloud services, yet still wants and needs the convenience, functionality, and security of encrypted file sharing, storage, and messaging, consider putting together a plan to get out of the cloud and install a private cloud solution on your own architecture in the near future.