Is your Data Secure in the Cloud?

Nov 2011
24

Is your Data Secure in the Cloud?

Posted by Eran Farajun
 

One of the main concerns from end users about cloud storage is its security. “I am legally obliged to keep my data inside the country’s boundaries; where would you store it?” “How do I know it’s safe?” “How do I know I’m the only one that can access it?” These are all questions that cloud computing vendors and resellers have been striving to answer, and reassure their customers about since this service delivery model was first introduced.

However, today there is a variety of ways in which cloud solutions providers i.e. vendors, resellers and Managed Service Providers (MSPs), can near-guarantee data security and among the most sophisticated near-guarantee of security is encryption. This is a simple yet effective process that will put many customers’ minds at rest, and is therefore a powerful tool for the channel.

Before data leaves the end user’s datacentre it is encrypted at the source and it stays so while it gets transmitted to the cloud, essentially the data is encrypted at rest and in flight to ensure the data remains secure, where it also remains encrypted. Therefore, anyone trying to intercept this data while it is being transferred would only capture encrypted files; access to confidential content is hence not possible.

In order to access data in its un-encrypted form, it needs to be unlocked and the only key resides with the customer, ensuring that the stored version of the data is as safe and secure in the MSP’s datacentre as if it was in-house. Depending on the required level of security, keys can have between eight and 32 digits. So far, so secure.

Safeguards can be applied at various levels to ensure the security of customers’ data from cradle to grave including encryption key escrow management capability. This allows for an additional security provision to be put in place should a customer lose or forget their encryption key. Measures of security (or lack thereof) will often be a deal breaker so any reseller or cloud service provider looking for that extra element of differentiation should certainly look into having as many of these security measures in their portfolios. Amongst the most important factors is to ensure that the underlying technology vendor has a third-party certification of the encryption elements in its products, like a governmental body. It is not enough that a vendor claims their product is secure and it incorporates some form of cryptology. The real question is whether anyone has actually verified that the encryption was implemented properly so it cannot be defeated. This is the comfort level that a recognised third-party certification provides.

In the cloud data centre itself, the security of the data is protected even from datacentre operations staff due to its encrypted format. Cloud operations personnel do not have unauthorised access to the decryption key, meaning that customers should feel safe in the knowledge that their data is visible only to them. Building a level of trust such as this is “key” (excuse the pun) when establishing channel relationships, as trusted resellers are the ones to whom happy customers will return, and will be recommended to others.

It is details such as this that give good relationships the advantage; in order to provide the best possible service it is necessary to understand the technology being utilised and leverage it to each customer’s advantage. Thus, fears about the security of data in the cloud should be greatly reduced. Customers who feel happy with the level of security, support and flexibility provided are the ones with whom relationships will flourish.

 

Spice IT Email Post

Excellent summary of some

Excellent summary of some basics of how security in “the cloud” works and the importance of third party verification.

For more information

Get insights about cloud backup and recovery direct to your inbox every month.
Subscribe to our Newsletter
 
Stay connected to the latest data protection insights – subscribe to our blog.
Subscribe to our blog
 
Got questions for one of our recovery specialists?
Need Answers to your Questions?
 
Print this page
Email this page