Steps To Secure Data In The Cloud


Cloud computing and storage security is often one of the main stumbling blocks cited by those who’d like to reap the benefits of moving to the cloud but believe they cannot. Data security is extremely important everywhere, but for many enterprises and markets there can be no compromise in security at all. For those businesses, the idea of compromising security, even just a bit, in return for the vast benefits of going to the cloud was not possible.


Data security in the cloud is not impossible. Many industries that were previously unable to use cloud services for data storage are now able to do so thanks to new, real-world ways of securing data. There are real, practical methods for securing data in the cloud. When taking these steps, two things must be kept in mind:

  • Protecting data in real-world environments
  • Compliance requirements

Protecting data in the cloud involves many of the same requirements the data administrator will have when protecting data in a closed network. Sticking to CIA (Confidentiality, Integrity, and Availability) as the root protection method is still the best way to keep data secured. Analyzing and mitigating the most common security threats to your data requires considering the location of the data as well as its regulation within the scope of compliance.

Location of Data

Meeting compliance requirements for whatever standards regulate your business or industry is a serious obligation. For cloud storage, the biggest problem here is the location of the data. In most public cloud systems, your data’s geographic location may be random and is often unknown. It’s not unusual for a single entry in the database to actually have multiple homes in the cloud, which can complicate the use of public cloud – or even make it impossible in some cases. Private clouds, however, often do not have this issue, because the locations of data are fixed (within certain parameters) or at least identifiable.

Regulation of Data


As an example of protecting data while meeting compliance requirements, personally-identifiable information is often regulated quite differently from one jurisdiction to another – even country to country. In the U.S., any personally-identifiable information stored within the country’s borders must be available to law enforcement under the USA Patriot Act. In Canada and several European countries, however, that data must be kept away from foreign jurisdictions at all times, making it illegal to store some personally-identifiable information of Canadian, French, or other citizens on U.S.-based servers. Further, all of these jurisdictions have differing requirements for storage security.

Steps Towards Securing Data In the Cloud

To move to the cloud, database professionals will first need to identify what types of compliance requirements they may have. Some data may have to remain in-house while other data might be a good candidate for cloud services. If you have contracts that cover some of your data with regard to privacy policies, storage for clientele, etc., you will also need to review those contracts to be sure that the data can be stored off-site without breaching agreements.

Solutions for this may include finding services that guarantee storage of data only within a specific jurisdiction. For example, Amazon Web Services has “regions” for cloud storage, and those who opt to keep their data within a specific geographic region (the U.S., North America, specific areas of the U.S. or Canada, etc.) may find that this keeps them in compliance. It comes with risks, however, as witnessed by the area-wide outages some Amazon customers have had in the past.

Data Protection Points

Once data is flagged to be moved into the cloud, protection becomes critical. For cloud storage, there are generally three locations where the data will be at any given time:

1. At its fixed data storage locations

2. At the virtual machine doing the processing

3. In transit from the fixed storage to the virtual machine

Because of this less-central setup, administrators need to consider security of the data not only in storage, but also while in transit and in use. This requires three things:

1. Access control lists to secure who gets access to what data and when – already SOP for most databases stored centrally, but now to include some off-site administrative personnel from the storage provider.

2. Encryption during transit to ensure that the data is secure during transit to and from the processing machine and the database’s storage location. In this case, the data should be treated as if it were being accessed by remote personnel even if the processing machine is on-site.

3. Encryption at storage, in order to ensure that access by the cloud services provider’s personnel is limited to data movement only, so that they are not given access to potentially sensitive information. This provides another level of security that may also give better compliance for many types of very sensitive data such as personally-identifiable information and financial information storage.
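The checks above, together with the region restriction discussed earlier, can be expressed as an audit over an inventory of data stores. This is an added example, not code from the article or from any cloud provider; the data classes, store names, principals and the region policy are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy (assumption): regions each data class may live in.
# None means no residency restriction; a class missing here fails closed.
ALLOWED_REGIONS = {"pii-ca": {"ca-central-1"}, "pii-us": {"us-east-1", "us-west-2"},
                   "public": None}
PROVIDER_STAFF = {"provider-ops"}  # hypothetical principal for storage-provider admins

@dataclass
class DataStore:
    name: str
    data_class: str
    region: str
    encrypted_at_rest: bool
    customer_held_key: bool  # True: the provider cannot decrypt what it stores
    tls_required: bool       # storage <-> processing VM traffic must use TLS
    acl: set = field(default_factory=set)  # principals with read access

def audit(store, approved):
    """Return findings for one store; an empty list means it passes."""
    findings = []
    allowed = ALLOWED_REGIONS.get(store.data_class, set())
    if allowed is not None and store.region not in allowed:
        findings.append(f"residency: {store.data_class} not permitted in {store.region}")
    unapproved = store.acl - approved - PROVIDER_STAFF
    if unapproved:
        findings.append("acl: unapproved principals " + ", ".join(sorted(unapproved)))
    if not store.tls_required:
        findings.append("transit: plaintext connections accepted")
    if store.data_class != "public":
        if not store.encrypted_at_rest:
            findings.append("storage: not encrypted at rest")
        elif store.acl & PROVIDER_STAFF and not store.customer_held_key:
            findings.append("storage: provider staff can read with provider-held key")
    return findings

# Constructed inventory for illustration; names are not from the article.
INVENTORY = [
    DataStore("crm-ca", "pii-ca", "ca-central-1", True, True, True, {"dba-team", "provider-ops"}),
    DataStore("crm-replica", "pii-ca", "us-east-1", True, False, True, {"dba-team", "provider-ops"}),
    DataStore("brochures", "public", "us-west-2", False, False, False, {"web", "intern"}),
]

def audit_all(inventory=INVENTORY, approved=frozenset({"dba-team", "web"})):
    return {s.name: audit(s, approved) for s in inventory}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```

Provider staff may appear on an ACL without a finding only when the customer holds the key, which is the "data movement only" access the third point describes.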

Conclusion

By taking steps to classify and securely transmit and store information, the database administrator and management are likely to find that they are in compliance with most of the requirements they have. By carefully securing contracts that hold location compliance requirements in mind and encrypting data when it is stored on servers you do not control, you also protect yourself from liabilities that could come from others gaining access through legitimate methods but without your authorization – namely the staff at the contracted storage facilities for your cloud services.

By Michael Dorf,

Michael Dorf is a seasoned software architect and instructor with an M.S. in Software Engineering and a dozen years of industry experience. He is a co-founder of LearnComputer (learncomputer.com), an IT/Open Source training school based in the San Francisco Bay Area. Our one-day Big Data Overview course is designed for IT managers who need a fast track to Big Data solutions available on the market today.
