How To Protect Data At Your Cloud Service Provider?

How To Protect Data At Your Cloud Service Provider?

How To Protect Data

Some of the world’s largest companies today operate entirely from the cloud or at least have a major portion of their services outsourced to a cloud environment. This trend is exponentially growing – as well know it. With cloud data storage pricing at all time with downward trends, how can you resist the temptation of not using cloud based data storage services? There are, however, shortcomings to this transition, and security concerns tops the list as the most commonly cited.

History-Data-Storage

Cloud storage, as the name suggests, primarily refers to the increasingly prevalent on-line storage services hosted at the cloud. There is potentially infinite storage capacity, redundancy, high availability, and stable performance offered by the cloud today. For instance, Amazon Web Services (AWS) offers cloud storage ranging from general data storage and backup of web databases. For corporations and users alike, using cloud based technologies provide ease of access, virtually no downtime or server crashes, non-existent application accessibility issues, etc.

In lieu of many alluring advantages of cloud computing, it also brings new security challenges; in particular, reliability, integrity, and privacy of data, since no direct control is available. While data security and confidentiality can be ensured by means of encryption and tokens, integrity of data remains a blurry task.

After data is moved to the cloud, for example, you essentially relinquish ultimate control over the data, which is now entirely managed by the cloud service provider. Scary thought as it may be, it is essential for you to be able to verify that your valuable data is still available at the cloud in its original form and is ready for retrieval when necessary. How do you know if your data is not corrupted, deleted or modified or moved from one server or another at the behest of your cloud service provider?

As a thought, one possibility for assuring high availability of outsourced data is through simple replication to other service providers, but this adds to your costs. Another option is to periodically review your data and have a workflow in place to retrieve data for verification purposes – similar to conducting audit checks. Nevertheless, both of these options are not that appealing. To mitigate these problems, a widely utilized approach is to employ a challenge-response mechanism.

A challenge response mechanism is basically a family of protocols in which one person sets a challenge, and person on the other end must provide a valid response or answer, thus completing the challenge. The main objective of this framework is that if cloud service provider stores incomplete or incorrect data will be unable to respond to the challenges correctly, allowing you to detect anomalies.

Another robust approach should be able to support an unbounded number of audit protocol interactions to ensure that the server’s misconduct at any time will be detected. In cloud storage, support for dynamic data operations can be of vital importance to both remote storage and database services. Most of the times, while conducting integrity verification of data, you may not be able to perform integrity check yourself, or members of your team may lack the necessary expertise, in that case, setting up an audit server might just do the trick for you.

The auditing server is a reliable and independent entity that challenges the cloud service provider on behalf of the clients and assures correctness of data storage, while not learning any information contained in the stored data. For improved efficiency, the auditing server could also perform batch auditing during which it simultaneously processes auditing requests from multiple users.

By Syed Raza

About Syed Raza

With over 20 years of combined experience in the fields Law, Management, and IT, Syed has impeccable reviewing and strong editing skills with a long track record of writing technical, legal, and management articles that make readers stop and think.. Being a serial entrepreneur and attorney, he provides consultancy and project management in e-Discovery issues in complex civil litigation. As, a trial attorney with significant experience in matters relating to patent infringement, defense and prosecution in the pharmaceutical industry, contracts disputes, real estate, criminal matters, and international human rights law. Syed provides guidance and counsel to attorneys and clients on all aspects of discovery, including information management, data preservation and collection, early case assessment, comprehensive managed review and production. He also holds a PhD (management sciences) and MBA degree as well.

View All Articles

2 Responses to How To Protect Data At Your Cloud Service Provider?

  1. I guess organizations should also consider CSPs Data Retention Policies and if it maps to their own policy? Data Disposal / Sanitization after you have moved your data out or concluded your contract with the CSP is also very important factor to be considered.

  2. I agree. For example, Directive 2006/24/EC, issued by the European Parliament in 2006, requires mobile- and
    fixed-line CSPs to retain records of all telephone calls and Internet data. The Directive also requires CSPs
    to provide retained data in a timely manner to the Law Enforcement Authorities (LEAs) and other government agencies while preserving its evidential integrity and complying with relevant data protection legislation.

Personal Accounts of Google CEO Compromised

Personal Accounts of Google CEO Compromised

Personal Accounts Compromised The security of our information online, whether it’s our banking details, emails or personal information, is important. Hackers pose a very real threat to our privacy when there are vulnerabilities in the security of the services we use online. It can be worrying then when the CEO of perhaps the largest holder of…

How You Can Improve Customer Experience With Fast Data Analytics

How You Can Improve Customer Experience With Fast Data Analytics

Fast Data Analytics In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end…

Data Protection and Session Fixation Attacks

Data Protection and Session Fixation Attacks

Keeping the man out of the middle: preventing session fixation attacks In a nutshell, session fixation is a type of man in the middle attack where an attacker is able to pretend to be a victim using a session variable. For instance, let’s say you have an application that uses sessions to validate the user.…

E-Commerce Advances For Savvy Marketers

E-Commerce Advances For Savvy Marketers

Digital Marketing Platforms Advertising and marketing techniques have progressed rapidly in the last decade with both channel focus and the direction of content shifting considerably due primarily to advances in cloud technology. Gartner’s Magic Quadrant for Digital Commerce 2016 singles out a few ecommerce providers who are topping their sector in both ability to execute…

The Lighter Side Of The Cloud – Energy Battle

The Lighter Side Of The Cloud – Energy Battle

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via@cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat”  The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat. The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

Is The Fintech Industry The Next Tech Bubble?

Is The Fintech Industry The Next Tech Bubble?

The Fintech Industry Banks offered a wide variety of services such as payments, money transfers, wealth management, selling insurance, etc. over the years. While banks have expanded the number of services they offer, their core still remains credit and interest. Many experts believe that since banks offered such a wide multitude of services, they have…

Teach Yourself The Cloud: Cloud Computing Knowledge In 5 Easy Steps

Teach Yourself The Cloud: Cloud Computing Knowledge In 5 Easy Steps

Teach Yourself The Cloud Learn how to get to grips with cloud computing in business  Struggling to get your head around the Cloud? Here are five easy ways you can improve your cloud knowledge and perhaps even introduce cloud systems into your business.  Any new technology can appear daunting, and cloud computing is no exception.…

15 Cloud Data Performance Monitoring Companies

15 Cloud Data Performance Monitoring Companies

Cloud Data Performance Monitoring Companies (Updated: Originally Published Feb 9th, 2015) We have decided to put together a small list of some of our favorite cloud performance monitoring services. In this day and age it is extremely important to stay on top of critical issues as they arise. These services will accompany you in monitoring…