Hitmetrix - User behavior analytics & recording

Cloud data faces security scrutiny

A recent hack of Twitter corporate data off of the Google cloud server, combined with increasing consumer wariness, has made security “in the cloud” a buzz-worthy issue this summer.


Jonathan Zittrain, a law professor at Harvard, wrote in a New York Times op-ed last week, “The cloud… comes with real dangers. If you entrust your data to others, they can let you down or outright betray you.” He also noted that data stored in the cloud was not required, by law, to have as stringent privacy protections in place.


However, many cloud proponents disagree, insisting that the cloud can offer an environment as secure as a contained system, and often at a lower price — making it attractive to businesses who may not be able to afford a slew of security measurements by themselves.


“The cloud does provide a safe alternative to storing data and applications,” said Ken Satkunam, acting CTO for SentryBlue CIM. “Typically, organizations that are left to manage their own data do that either with limited knowledge, budget or motivation to make sure they are compliant with security regulations, so working with a cloud provider mitigates some of that risk.”


“Hosted software is designed to be extremely reliable, safe, and secure,” agreed Eran Feigenbaum, director of security for Google Apps. “People are right to consider carefully to whom they entrust their data, be it on-premise or in the cloud. Many customers find we can do a better job securing their information than they can.”


Of course, there are downsides to the cloud. Putting your data in the cloud relies on absolute trust with your cloud service provider. Even though you’re passing on day-to-day responsibility to a third party, if there is a breach, customers are going to bring their complaints to the company that they’ve turned over their information to.


Satkunam recommends learning about a vendor’s employee screening process, data recovery policies and data ownership rules. If the provider goes out of business or is purchased, can you get your data back?


Companies putting their data in the cloud also have to be comfortable with the fact that their information will be stored with other companies’, possibly in an undisclosed location. “You’re actually sharing aspects of the hardware you use, and, in many cases, the service provider won’t tell you where stuff is nor will they guarantee that it won’t move around because that’s how they create some efficiencies,” Frank Gillett, an analyst for Forrester Research, pointed out. “I think a lot of service providers are doing good job of providing security, but people have to get comfortable with and make sure it’s not an issue that they’re sharing space on servers.”


Despite interest in cloud computing, not everyone is jumping on the bandwagon. Avenue100, a lead generation company owned by the Washington Post, privately maintains about 50 terabytes of storage. Todd Rodgers, VP of engineering at Avenue100, explained the strategy was to protect his company’s “crown jewels,” his term for valuable data.


“We are at the phase where our data is exploding, and we don’t want to hit someone else’s brick wall,” Rodgers said. “So if I’m growing systems or storage to maintain data, it’s more comforting to know that the people who work directly for me are in charge of it.”

Total
0
Shares
Related Posts