Cloud safety starts with the user, security expert says
Several recent studies have shown that the largest obstacle to the adoption of cloud-based computing is the fear of data security.
Those fears are often justified, says Bill Hackenberger, CEO of High Cloud Security. But equally disturbing is the large number of organizations that believe their data is safe and hacker-proof just because someone is watching over it.
The truth lies somewhere in the middle, Hackenberger told FierceEnterpriseCommunications, and the first line of defense in the cloud is the user.
Security is indeed a top priority, Hackenberger says, since the pace of cloud adoption is increasing in dramatic fashion.
"Cloud adoption is moving pretty rapidly. Every customer we talk to has multiple projects in the cloud," Hackenberger notes. He predicts that in three to four years "the vast majority of systems will be in the cloud."
Hackenberger says the first step for any organization considering cloud-based computing is to assess what it wants to do in the cloud--storage, backups, processing--and then determine what is an acceptable level of risk. That risk is a constant companion in the cloud.
"Always assume that any data that leaves the building is at risk," Hackenberger says. And don't count on your cloud provider to safeguard it.
That is one of the largest mistakes many organizations make, Hackenberger says. A cloud provider will have security measures in place for sure. But ultimately, it's your data. If that data is breached or compromised, fault-finding is of little use. The damage has been done.
"You need to bring your own security. Encrypt the data before it goes to the cloud," Hackenberger advises. "Your data is your responsibility."
Organizations need to determine what data can be moved to the cloud knowing there is a constant level of risk to it, and what data should be kept in-house no matter what, Hackenberger says. In some cases what can or cannot be hosted in the cloud may be determined by industry regulations, such as in the healthcare space.
"Data privacy regulations like HIPAA/HITECH and PCI continue to evolve, with new and emerging requirements for virtualized environments. Organizations need to consider how they maintain compliance as they move to the cloud," Hackenberger notes on the High Cloud website.
When engaging a cloud provider, it is vital to ask what security services are provided to you in order to determine what steps you must also take on your own.
"Many studies have shown that simple user error or system misconfiguration is often more likely to expose sensitive data or leave it more vulnerable to malicious attacks. When entrusting data to a cloud service provider, is an SLA enough?" Hackenberger asks.
Finally, be aware that as your cloud service provider grows, they are most likely growing as a target as well. The more customers they serve and the more data they host, the more likely they are to become victims of foul play, Hackenberger warns.