Cloud-Based File Sharing: What’s Changed in the Last Six Years?
The year was 2008. George Bush was still president, The Dark Knight was the number #1 film in America, Brittney Spears was the top Google search and cloud computing was largely seen as a huge security risk.
Fast forward to present day. Everything mentioned above has since changed, except the perception of cloud security unfortunately. Not the reality mind you, but the perception.
Back in 2008, Jon Brodkin of inforworld.com listed off Gartner’s seven cloud-computing security risks. His warnings then were pretty much the same as the warnings of today. Let’s take a look at four of those risks in particular.
Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says.
Still a concern. Fortunately, most business-grade solutions were designed to solve this specific problem. Instead of guessing who accessed what, where and for how long, today’s systems make it easy to monitor usage from multiple angles. Many businesses are not aware of this functionality until it’s desperately needed (i.e. after a security incident has taken place).
Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner.
The cloud is still widely misperceived as a secondary solution. In other words, most people don’t trust it when it comes to serious matters like HIPAA, PCI, SOX and other compliance issues. But the cloud is quite capable of ensuring compliance, and in some instances, it actually makes the process easier. Again, this is something that most people do not associate with the cloud.
Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says.
This is similar to the concern above in that if certain files are not encrypted at transit and at rest, then the company is not in compliance. But today, all the latest security features and functionalities can be found in cloud-based solutions.
Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.
This is still a security concern for businesses (and consumers), but with the rise of the hybrid cloud, companies now have the ability to “cloud enable” any on-premise server, thus eliminating the confusion around data ownership and location.
So while the reality of cloud computing security has changed (for the better) in the last six years, the perception hasn’t changed all that much. This is a great opportunity for you, managed service providers, to spread the word and make these concerns a thing of the not-too-distant past.