Yes, you can still trust the cloud … if you’re smart about it

Recent breaches have once again thrust an old question back into the spotlight: Can the cloud be trusted?

In the wake of the leaked celebrity pictures scandal, much of the press has been focused on the apparent theft of the photos from Apple’s iCloud.

It even has some IT pros rethinking their stance on trusting the cloud. According to a flash poll by InformationWeek:

  • 20% of respondents were less confident in storing information with Apple as a result
  • 40% were less confident trusting any cloud provider, and
  • 12% changed personal practices or tightened work practices as a result.

One incident doesn’t change anything

Not everything is known about the attack yet. We'll likely, though not certainly, learn more as time goes on about who orchestrated it and how it was pulled off.

But to stop trusting the cloud as a result of the findings – no matter how damning they may be – will probably require a major leap in logic. Even if this turns out to look bad for Apple or some other entity, not all cloud providers are equally concerned with security – just as your company’s security measures may vary from the competition, so do cloud providers’.

Ultimately, cloud security comes down to at least two major factors:

  • Choosing providers you can be sure will protect your data, and
  • Setting policies for users and IT that will protect offsite data.

Here are ways of handling each.

Trusting cloud providers

Trusting a cloud provider means more than knowing the company's name and reputation. It involves asking serious questions before considering it as a business partner.

According to a survey last year, only 35% of respondents were aware of vendors' security practices. So while companies trusted providers enough to let them hold precious data, they didn't take the extra step of verifying that the data would be protected up to their standards.

Obviously, you should do what you can to make sure data is protected. Part of that is asking the tough questions of providers you’re working with or thinking of signing on with. At the very least, these questions should cover:

  • Physical location. Where will the data be secured? Who will be given access to the data center (any employee or only those who have been cleared for security)?
  • Accountability. If your auditors needed to know the methods used to secure data, would the vendor be willing and able to provide that information? If so, they should also be able to provide it to you.
  • Breaches. It’s unpleasant to think about, but a breach could still happen. You’ll want to know how you’ll be alerted to one if the provider detects it, and also who will be responsible in the event of a breach. Don’t count on the answer being that the provider will fall on its sword.

Securing data for the cloud

Internally, you’ll want to be sure you have the right security procedures in place and stress to users the importance of care in cloud storage. Make sure users know:

  • which services are approved by the company
  • what data can go into the cloud, and
  • the importance of secure passwords and keeping accounts confidential.

But perhaps more importantly, you’ll want to know IT’s options for controlling these accounts. Adding users and managing access are essential to providing protection.

Final word: Encryption

Last, and in no way least, encryption is essential for data stored in the cloud. First, you should know whether it's the responsibility of the vendor or your organization to secure data with encryption. If it's the vendor's responsibility, don't hesitate to ask how the data will be encrypted, and whether hashed values such as passwords are going to be salted as well.

While companies have had some difficulty in the past with encryption, that’s all the more reason to become familiar with the technology. In case of a breach, cloud or otherwise, it’s the surest way to keep data from being used against you.
