Data security is always a hot topic
Data security is always a hot topic among IT industry pundits, but I believe 2013 will go down as the year security crawled out of the basement and into the cultural zeitgeist.
Edward Snowden and the NSA spying revelations may have been the biggest tech story of the year. And mass data breaches at Twitter, Facebook, Adobe and The New York Times (just to name a few) were PR nightmares that raised the profile of data security — particularly in the cloud — as a recurring topic of conversation in the boardroom.
No doubt today’s breaking news will define many of tomorrow’s innovative technologies. We’re watching these developments closely at Gazzang and continuing to evolve and enhance our solutions to meet the growing needs of enterprises in the cloud and with big data.
As we close the book on 2013, I’d like to share a few cloud security-related predictions:
- SaaS vendors will offer encryption keys revocable by end users. SaaS providers understand they have an obligation to protect sensitive data on behalf of their clients. I believe more cloud vendors will provide encryption, and allow their clients to control access to the encrypted data by giving them ultimate control of the keys. This includes the ability to revoke the key and render data unreadable by the SaaS vendor.
- Vulnerability of APIs will be exposed. APIs are increasingly popular for application integration because they enable apps (and soon Internet-connected objects) to request data from each other. Yet exposing core business data and processes via APIs makes them more susceptible to hackers — increasing the risk for intrusion attacks, data theft or DOS attacks.
- European companies migrate data from US-based cloud and SaaS providers in response to NSA Prism scandal. US-based cloud service providers including Google, Amazon and Microsoft account for approximately 85 percent of global markets. However, a recent Cloud Security Alliance survey of 500 respondents found that 56 percent of non-US residents were less likely to use US-based cloud providers in light of recent revelations about government access to customer information. In response, the EU’s European Cloud Partnership is drafting a charter to promote an EU-based digital cloud service.
- As NSA concerns fade, data privacy concerns skyrocket. Most people and organizations will realize they’re not being targeted by the NSA; however, the residual effect of the spying scandal is that data privacy will become a scorching hot topic in 2014. A recent poll shows 86 percent of U.S. Internet users have taken steps online to remove or mask their digital footprints using a variety of methods, and more than 70 percent of E.U. citizens want to have more control over how their data is used online.
- Major trustees of consumer data, such as Google, Yahoo and Facebook begin to offer consumer-based key management services, where the provider hosts the encryption and the end-user manages the keys to their personal data. Consumer cloud storage providers tend to design systems that emphasize recoverability over security. However, as organizations like the NSA continue to snoop on citizens, cloud services face increasing pressure to up the ante in privacy protections and data security, allowing users to hold their own encryption keys and prevent access to sensitive data that might otherwise fall subject to government subpoena.
By Larry Warnock