Data security in the cloud - what you should know

Does something leaving an organization’s physical premise means it is in more danger than it was before? We’re not talking about employees here, but an organization’s data and applications hosted in the cloud. Because any business owner knows data security should always remain top priority, one of their main concerns when it comes to cloud computing is fear of losing control over their information.

And with an increase in adoption, cloud providers today are not only competing on price and service, but also on the security of their service. So how secure is the cloud? Is on-premise infrastructure a safer option for your business? We’ll answer exactly that by looking at the key indicators below.

Data security measures

When data is held internally, it’s within an organization’s control. The entity can determine the levels of security they want in place and execute accordingly. Once data moves to the cloud, businesses relinquish physical control. Despite that being true, it doesn’t mean that data is more vulnerable in the cloud. This is because small- and medium-sized businesses often have limited IT expenditure, which means they usually can't hire a dedicated in-house technology team like larger enterprises. This makes it harder for them to keep up with the latest security best practices let alone implement them.

Cloud providers, on the other hand, tend to have a more secure IT environment than the organizations they support. This is because they are experts in their field with knowledge gained through years of experience. They face tougher standards which require them to build secure, independently-audited data centers to avoid hefty fines. Take the biggest public cloud platform provider like Amazon Web Services (AWS) for example. They have more than 1,800 security controls in place to make sure nothing slips through the cracks. Dropbox is no different. And though it might not have the same number of security controls as AWS, they ensure safety by splitting each data file into chunks.  Each chunk is separately encrypted and stored in a different location. So if someone manages to break in, they would only get access to random blocks.

Hybrid solution

The truth is, data security in the cloud has come a long way since its inception. And most cloud providers ensure utmost protection by using encryption while data is in transit and at rest on the servers. They also give customers the option to handle their own encryption keys. This option means that not even the  cloud provider could access company-sensitive data. This can significantly reduce the chances of data breaches whether from employees or cyber criminals. Some companies are even adopting a hybrid approach. Sensitive data are kept in private cloud servers and other data and applications are kept in the public cloud.

Human risk

Human risk is often the most damaging factor of all when it comes to technology security. Employees are often responsible for compromising confidential files and data purposefully or not. This is where the cloud proves to be more secure than on-premise infrastructure. Why? When your data is on-premise, it’s only a matter of time before an employee is able to locate it. With advanced data security setups in the cloud like permission access, data authentication and encryption as well as off-site storage, employees will need to be skilled hackers to gain access to targeted information.

Statistics

Over the last five years, the majority of data breaches, whether it’s from Sony, Ashley Madison, TalkTalk or Target, have actually taken place internally, and not in the cloud. This is likely because cyber criminals are aware of the growing level of sophistication that is cloud security today. Put yourself in a cyber criminal’s shoes for a second. Would you target a company where data resides in the cloud, protected by a team of IT experts with multiple security measures? Or one where data resides on-site, more often than not with one IT personnel overlooking everything?

What about the iCloud hack in 2014, you might ask. If tech giants like Apple couldn’t prevent the unfortunate from happening, then how could you? According to NBC News, the iCloud incident was not a security breach, but a phishing scheme.  A man by the name of Ryan Collins sent emails that looked like they originated from Apple or Google, fooling celebrities into handing their credentials over.

For cloud computing, data security depends on the quality of your provider compared to that of your IT department. If you’re thinking about moving to the cloud, choose a provider that takes the time to understand your business. One that keeps up with the latest security practices and can offer customized, scalable solutions for current and future needs. Equally important, follow the right security protocols to make sure that your provider complies with agreed security standards and policies. This will prove beneficial both for the short and long term.

At SimplyClouds, we have extensive knowledge and experience deploying, customizing and maintaining cloud infrastructures for small- and medium-sized businesses. If you’d like to find out how secure our cloud infrastructure is, or have any questions about the cloud, don’t hesitate to give us a call and we’ll be happy to advise.

Categories: Best practices, Cloud security