Apple’s opposition to an FBI demand to open the iPhone of Syed Rizwan Farook, the shooter in the December terrorist attack in San Bernardino, CA, has raised the issue of data personal privacy and security, not simply on specific devices but also when devices are connected to the cloud.
Your device or on-premise server might be safeguarded, however what about when you connect them to the cloud? It may be susceptible to enemies or be subject to federal government demands.
Cloud security presents different obstacles because there are more players, said Mark Nunnikhoven, vice president of cloud research study at Pattern Micro Inc. Likewise, the kind of security you desire depends upon exactly what you want to safeguard your data from. Do you want to safeguard it from hackers or secure it from government firms?
It’s a problem a great deal of companies are considering and taking steps to resolve, said Ellen Rubin, CEO of ClearSky Data. And the very first line of defense for them, she stated, is encryption. In truth, the argument any cloud provider will make is that if you are concerned about your data, whether hackers or governments are wanting access, you should secure your data, she stated. And the data must be encrypted at rest, as well as in transit to the cloud– whether it’s a public, private or hybrid cloud environment.
The large public CSPs, including Amazon Web Services, Microsoft Azure and Google Cloud Platform, all have security features. When choosing a CSP, companies need to ensure the service provider has the same kinds of security controls as when protecting info on an internal system, stated Jim Reavis, CEO of the Cloud Security Alliance. “Not vetting your cloud service provider is a genuine risk you take in keeping data in the cloud,” he stated.
The larger problem with encryption is the file encryption secrets. If the data is secured, the secrets exist someplace. But where should you put them? Who has control of them? How do you secure them?
If the answer is that the cloud provider can never have access to the keys, then you’re in good shape. Due to the fact that even if something occurred and individuals stole your data or subpoenaed it, all they would get is encrypted data that they cannot decrypt, says Rubin.
“I believe that is just table stakes now. I don’t believe anyone can go into the cloud without considering it, due to the fact that you just don’t know what will happen,” she stated. “Anything you have any concerns about at all, not even just sensitive data, needs to be secured.”
Nunnikhoven explained, however, that even if data is encrypted, it doesn’t mean it is secure from everything, since law enforcement organizations can force businesses to release their data.