Archive for the ‘Cloud Security’ Category

Data Security Tips

Time for New Year’s resolutions, and resolving to protect your data is a great start to the year. Here are some tips to help you in your mission to keep your data safe.

  • Have a breach response plan prepared and tested.
  • Understand cloud service-level agreements so you can push for meaningful information on failover and disaster recovery practices.
  • Educate management on phishing, spear phishing and social engineering.
  • Educate staff to recognize applications and mobile devices that collect or transmit data and to communicate the risks to information security management personnel.
  • Check periodically whether you and your business associates are in compliance with all privacy and security requirements

No doubt you can come up with your own resolutions for the New Year, but please consider these tips if you are serious about preventing data breaches.

Security Challenges of the Public Cloud

Two-thirds of businesses identify security as the top concern when considering moving to the public cloud. And they are right to do so. Now that data is being stored in new ways and new locations around the globe, businesses need to trust what is happening to their corporate data.

Of the many security challenges that the public cloud has introduced, let’s focus on governance. Achieving and maintaining governance and compliance in the cloud involves considering:

• Jurisdiction and regulatory requirements
Can the data be accessed and stored at rest within regulatory constraints?

• Complying with export/import controls
Are encryption software controls permitted in different countries or jurisdictions?

• Compliance of the infrastructure
Is the cloud infrastructure/architecture/service you are using compliant?

• Audit and reporting requirements
Can you provide the required evidence and reports to demonstrate compliance with regulations and legal requirements?

It is essential for businesses to establish that the governance requirements of their corporate data are being met on the public cloud. If they aren’t then other options must be considered.

More on the Private Cloud

Many enterprises are benefiting from private clouds. They are discovering that for security and compliance, the private cloud wins out over the public cloud every time. In addition, the private cloud provides better savings. As detailed in a 2011 study by the Aberdeen Group, the private cloud saves a total of 12% combined annual costs savings over public clouds on a per-application basis.

Budget considerations are not the only considerations. A cloud’s ability to deliver services on demand means IT departments can meet enterprise needs more quickly than when new hardware has to be purchased, tested and implemented. The traditional process can take weeks, even months. A cloud can meet the demand within minutes.

Private clouds also create a strong technical foundation for the so-called “Post-PC Era” where desktop computers are now just part of the mix of devices that also includes thin clients, tablets and smartphones. Vital applications and enterprise data reside in the cloud, waiting to flow to any of these devices.

Using a public cloud has appeal because it requires little to no infrastructure investment by the user enterprise while enabling unprecedented levels of scalability. However, many organizations still balk at the compliance, privacy, security and data availability issues associated with public services.

For private cloud options for your enterprise, contact DataHive to discuss your needs (403) 313-1106.

Benefits of the Private Cloud

Private cloud computing is a relatively new way of storing and using data. Many businesses regardless of size are utilizing it to support their business functions. Private cloud computing supports and maintains software, hardware, infrastructure, and IT support on external servers that are accessible via the Internet.

The private cloud offers a high level of security because all data stays in a defined physical location.

DataHive’s private cloud provides no muss, no fuss service — a simple phone call (403) 313-1106 gets you set up and running with your operating system and required capacity. You simply upload your software and you are in business.

DataHive’s easy and affordable private cloud offering helps businesses innovate and expand as they choose.

DataHive’s private cloud services are maintained in our own reliable and secure data centre. A full backup service is offered to further ensure peace of mind that client data is well protected.

Consumer Cloud Security

The consumer cloud keeps growing, giving consumers many storage choices such as Google Drive, Dropbox, Microsoft SkyDrive, Apple iCloud and Amazon Cloud Drive. Unfortunately, these cloud-based file storage services typically come with security caveats that waive their liability for data loss.

It is important to read the terms of use and privacy policies of any cloud service you are considering using before you start to upload files. Consider what Amazon Cloud Drive says about the security of your cloud data:

5.3 Security. We do not guarantee that Your Files will not be subject to misappropriation, loss or damage and we will not be liable if they are. You’re responsible for maintaining appropriate security, protection and backup of Your Files.

That’s right, when it comes to security you are on your own. They are not guaranteeing that there is anything inherently secure about their cloud.

I personally would not choose to put anything of value or hard to replace on that cloud drive unless I already have a securely protected local backup.

Cloud security disclaimers should give companies as well as consumers cause for concern. Standard cloud contracts don’t come with enough privacy and security guarantees to permit their use for storing sensitive data that is subject to legal penalties for non-compliance.

Give a thought to what stands between your data in the consumer cloud and anyone who wants to steal it: your password.

That’s right, the security of your cloud data depends on your ability to create and protect an unguessable password. Good luck with that.

So beware: when you upload onto the consumer cloud you do so at your own risk.

Amazon’s Glacier: the Devil is in the Details

A great deal has been made of Amazon’s Glacier offering of 1 penny per gigabyte per month. It is an exciting and enticing offer for a public that is looking for affordable storage. But, as they say, the devil is in the details – or rather the fine print.

What most people do not do is read the fine print. Amazon’s lengthy legal agreement is a great antidote to insomnia, so here’s the interesting part they’re hoping users won’t notice. Amazon reserves the right to look at your files. They don’t need your express permission to do so. They don’t even have to notify you that they’re going to do so. Amazon can go through all your data without any encumbrance, legal or otherwise.

And there’s more. Amazon can share your files with others. They can use your information at any time for any purpose, without your knowledge. Are you comfortable with that?

As well, Amazon can keep all the files you delete.

Once you upload data with Amazon, your data is their data — theirs to keep, to share, to use as they see fit. If you need to see the fine print here it is:

“5.2. Our Right to Access Your Files. You give us the right to access, retain, use and disclose your account information and Your Files: to provide you with technical support and address technical issues; to investigate compliance with the terms of this Agreement, enforce the terms of this Agreement and protect the Service and its users from fraud or security threats; or as we determine is necessary to provide the Service or comply with applicable law.”

Amazon has added the fluff about technical support and security threats, but the grist of it is you are giving them the right to access, retain, use and disclose your files. All for a penny per gigabyte per month.