, , , , , ,

CHANGE MAGAZINE – Cloud Security: Silver Linings or Stormy Weather?

Evolution of cloud technology demands thoughtful study and careful planning from organizations as they manage their data from afar. 

Cambridge Analytica.

The name of the once obscure British consulting firm is forever linked to a massive data breach, exploiting the personal and proprietary data of millions of Facebook users during the run up to the 2016 U.S. presidential election. The scandal, still playing out in congressional hearings, Silicon Valley boardrooms, and IT shops across America and abroad, underscores risks associated with losing control of critical data, once thought safe.

Organizations, big and small, routinely look to third-party hosting of all manner of data on “the cloud,” which is simply a metaphor for the internet, according to Office 365, Microsoft’s cloud data management service.

But just exactly how safe is cloud storage and what are the security concerns companies should keep top of mind in evaluating which systems and data storage configurations are right for their needs?

Change Magazine consulted with several experts in the field and explored the pros and cons of third-party data storage, public, private and hybrid cloud options, proactive strategies for preventing and detecting data breaches, and cost considerations.

Here’s what we found:

Cloud Applications

“In the simplest terms,” says Matt Parker, vice president Information Systems for Classic Graphics, “The cloud is a service where providers supply their computing, storage, and system resources to their clients making it available to them through multi-tiered data centers. This results most times in data centers that are geographically spread so that they serve the content to their users in the closest data center ensuring an efficient relationship.”

The types of data stored on the cloud are comprehensive and can be any information converted into a digital file.  This can be everything from basic document, contracts, inventories, customer lists, financial data, vendor data, and supply chain information to email, eCommerce data, image, audio and video files.

According to a recent report by Inc.com, several industries across a wide spectrum are embracing cloud technology. The report cited Internet and Software, Marketing & Advertising, Biotechnology & Pharmaceutical, Real Estate, Not-for-Profit, Retail, Construction, Healthcare, Education and Finance as the top ten industries that are early adopters using the cloud. The most popular cloud applications are: Email, Human Resource Systems, Messaging, Expense Management, Developer Tools, Social Media apps, and Document Storage.

Parker says cloud interface application for Classic Graphics allows for ease of sharing work product with clients using portals through a secure web interface. “We allow our customers to safely store certain data with us needed to produce their product,” he says.  “We want to make it as easy for our customers to give us the data we need to produce their product and feel confidant their data is secure.”

Cloud Types 

Orion Devries, a researcher at the business software search company Crozdesk, helped differentiate the three categories of cloud storage available to companies. These are: 

  • Public cloud – Provided by third-party multi-tenant service providers. Public cloud users can take advantage of dynamic scaling and cost-effective pay-as-you-go pricing models.
  • Private cloud – Refers to any environment operated internally, that offers self-service and on-demand resource allocation. While adoption is falling, it is still the environment of choice for security conscious businesses.
  • Hybrid cloud – Involves weaving the private and public cloud into one cohesive and seamless experience. This enables businesses to benefit from the scalability and cost-effectiveness of the public cloud, whilst being able to host sensitive and mission-critical resources within their private cloud.

Parker says advantages of using a public cloud is that organizations don’t need to support an internally managed data center requiring hardware, software, physical space and personnel.

“A third-party cloud provider is going to deliver a robust infrastructure, house data in a location that has access to a “provider hotel,” or hub where multiple providers serve your organization,” says Parker. “Redundancy is another huge advantage that companies take advantage of with cloud storage. This means data can be in multiple data centers across the globe. At Classic, we have data centers in our Charlotte and Research Triangle locations. We use these two locations for redundancy, if one center is down the other is up – this ensures we are properly protected and backed up.”

Parker noted power requirements to support data centers are also a consideration and expense. “We have not only large battery backup systems but diesel generators as well. Organizations don’t have to think about these things if they have a cloud supplier.”

The ability to scale up and back as needed is another advantage found with public cloud use. “Seasonal businesses, such as retailers love the ability to scale as needed for short periods of time,” says Parker. “Black Friday is the reason that Amazon AWS (Amazon Web Service Cloud) system exists. They ramped up for this huge retail event and realized they had this enormous capacity and turned it into a business opportunity.”

Security Concerns 

Life is not all rosy on the cloud however, and our experts point to several potential disadvantages in ceding full control of data storage to third-parties. Data breaches, ransomware, and system crashes are just some of the issues to be wary of.

“A primary concern is that companies are not 100% in control of their data with third-party vendors,” says Parker. “How it is stored, who has access to it and the changes that happen to the infrastructure where data is stored need to be well understood and safeguarded.”

Company IT departments must be enforcers when it comes to security requirements and not outsource their organization’s policies to their vendors.

“The key is ensuring that whatever vendor you are using is adhering an effective security policy,” says Mark Stamford of OccamSec, a cyber security company.  “Many organizations will perform assessments of cloud providers to ascertain what security they offer, and if its in-line with the company’s requirements. In higher risk environments, or where a private cloud is built, more in depth assessment is required such as penetration testing.”

End-to-end data encryption is increasingly the route taken by organizations to best protect their data at all points along the storage path. “Encrypting data in transit is one of the most effective ways to keep it secure,” says Parker. “You hold the keys to the kingdom and only you can access your data.”

Ransomware is finding occupying an increasing security threat across multiple industry categories including healthcare and municipal government.

“The growth of ransomware is due in part to the spread of untraceable cryptocurrency such as Bitcoins and the proliferation of ransomware kits on the dark web,” says Adnan Raja, vice president of marketing with Atlantic.Net a web hosting solution provider offering HIPAA-compliant, dedicated, managed and cloud hosting.

“There are many steps that organizations can take to protect themselves from these attacks. Proper email security training, better rules for email attachments, running executable files, and software installation can bolster defenses against a ransomware attack. Multi-factor authentication helps ensure that only authorized users can access your network. Better password management will also prove helpful. Autonomous offsite backup is a must, and network monitoring solutions to throw up an alarm can alert to head off the worst of the damages if a ransomware attack hits.”

Damaging social media posts seem a daily occurrence and serve fair warning to companies that don’t actively manage their digital presence – through close reign on their data. Email and social media can be particularly vulnerable if not adequately protected.

“Companies can protect themselves a number of ways,” says Parker, “With Data Loss Prevention (DLP) Systems being among the most effective options. These prevent sensitive or confidential data from being uploaded to social media platforms. They work in many ways; some systems look for patterns – i.e.; social security numbers or credit card numbers. Others “fingerprint” data (client lists, financials, images etc.) to be protected and look for that. These systems can even prevent screen shots from entering the public domain and create an effective digital wall of sorts.”

Cloud Cost Efficiency

Dan Greene, Director Cloud Services at 3Pillar Global, said often ongoing costs associated with cloud computing can be surprising to some. “It is a common belief that many organizations can save money by moving their products “To the Cloud!” says Greene in a recent blog post. “However, once they migrate their current on-premises infrastructure up to the cloud, they find that the monthly costs are significantly higher than they thought, or at least not lower than they’d been before making the move.”

Parker agrees with that assessment and noted that it is common for organizations to migrate data storage back in-house as external service costs accelerate. 

“I think the more and more organizations will need to look more seriously at the long-term return on investment of the cloud,” says Parker. “Going to the cloud can be cheap in the beginning but as organizations scale up the costs can be unsustainable. In many ways it can be cheaper to bring in in-house.”

Regardless of where organizations sort out with their data management needs, one thing technology has virtually assured us is they’ll be looking skyward to find the best solutions.