Protecting Your Data in the Cloud Part II

On Monday we explored a little bit about what it means to have your data stored in a cloud data center. Specifically, we took a look at accessing your data while it’s floating around up there in the clouds and what you should do and look for to keep it safe. The key part of that statement, of course, is “you.” If you’re not going to concern yourself with your organization’s data and how it’s protected from unauthorized intruders, then who will?

Yes, when you partner with a cloud data center host to store, manage and maintain your data your assumption is probably going to be that the data center (DC) staff is going to do everything necessary to keep your data safe and sound. And it’s true that a good DC provider is indeed going to do just that. But you shouldn’t just assume that every DC option you have is a good one. As we mentioned Monday, there are a number of things you need to look into and questions you need to ask in order to determine just how safe your data will be at any given center.

Doing so is a great start to ensuring data protection, but it isn’t the end. There’s that whole “you” thing we mentioned. What are you doing to protect your data? We’ve already told you what your cloud server password policies should be, so you’re off to a good start if you read that bit in our previous blog and plan to follow our guidelines, but there’s still more you need to know.

If It’s Not Backed up, Back It Up

You’re paying someone to store your data, so shouldn’t they be the ones up late at night worrying about, well, storing your data? Yes, they absolutely should be. DCs usually have backup generators and other failsafe measures in place in case of a power outage or other emergency that could threaten your data. That means the chances are high that it will be protected in the event that the power unexpectedly goes out, the center floods, a fire starts or some other unavoidable catastrophe strikes.

That all sounds pretty scary, right? It is. You need to have your data available for use, and you can’t afford to lose it temporarily or permanently. Before you panic, though, know that there is a solution, and it’s called redundancy. Your DC is going to have redundancies of its own in place, but if you really want to sleep soundly at night knowing your data is safe, then you should have your own redundancies in place too. Back up all of your data onsite to ensure all of your eggs aren’t in the same basket. And if you really want to ensure it’s safe, back it up on multiple physical hard drives of your own.

A couple of years ago a Wired journalist wrote about how he lost all of his data because he wasn’t performing regular backups. Granted, the story is about an individual, not a company/organization, but its moral applies to organizations as well as to individuals: regularly back up your data in multiple places and you won’t have to worry about one of them being compromised.

“Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter,” Wired’s Mat Honan recounted, “or documents and e-mails that I had stored in no other location.”

It’s interesting that Honan doesn’t even blame the hacker who stole all of his data and gained unauthorized access to his myriad internet accounts; he blames himself for not backing up his data. Had he done as much, he’d still have all of that data today.

Authorized Personnel Only

Do you trust everyone enough to give them access to all of your data? No, you don’t. How do we know? (Besides the common sense fact that you just shouldn’t, that is.) Because you’re reading this blog about keeping your data secure right now. That’s how.

Even within your organization, does everyone need to have access to everything on your servers? Probably not. Think long and hard about who should get access and about what they should get access to. Most cloud storage services have three different settings for the files you store in the cloud:

  • Shared – Anyone you invite/grant access to can get into the files and essentially do whatever they want with them. If you need others to have access to your files, and you probably will unless you’re running a one-man/woman show, then this is the way to go. Other people will be able to view and edit your files, but only if you explicitly grant them the ability to do so.
  • Public – Like with shared, this means other people can gain access to and mess around with your cloud file(s). However, the difference here is that anyone who wants access can get it on their own. Yes, as the name implies, public means the public will have access to your files. All they have to do to access them – and potentially manipulate them— is find them.
  • Private – Do you have data that’s “for your eyes only”? If so, then this is the option you’ll want to go with for it. It should be pretty self-explanatory, but to be clear, setting a cloud file to private means only you will be able to open it.

In all likelihood, not a single one of these options is going to be perfect for all of your data all of the time. What’s more likely is that a mix of two or all three of them will be appropriate. You know your data better than anyone else. Think about what you use it for, what you’re going to use it for and who else will need to use it. Deciding who should have access to what shouldn’t be difficult, so get to it!

Encrypt Before, Not After

In our last blog we talked some about the importance of encryption, but what we didn’t discuss was the very best way to encrypt your data. If you’re obsessed with being secure, then you shouldn’t wait for your DC to encrypt your files after they’ve been moved to the cloud. Encrypting your files while they’re still stored locally and only then putting them in the cloud is the best way to protect them. Think about it – if the encryption key is in your hands, then it’s going to be pretty difficult for someone else to decrypt your files.

Of course, as it is with most tech options, this security measure brings with it some concerns of its own. If you need to share your files with anyone else (see those bullet points a few paragraphs back), then you’ll have to share the key with them, and the more people who have the key the more difficult it becomes to manage the whole thing. What that means is that this method can sometimes become self-defeating. This may not be the right option for everyone, then, but it tends to work exceedingly well for security-obsessed archive or storage services.

Whatever you do to secure your data when storing it in the cloud, make sure it’s the right move for your organization and accounts for how much data you think you’ll have in the future and what you think you’ll be doing with that data.

Image Source: Vormetric

 

Written By
More from Nick

Is FedRAMP Successfully Bringing the Government into the Cloud? Part II

On Wednesday we promised you more coverage of FedRAMP (Federal Risk and...
Read More
Loading Facebook Comments ...
Loading Disqus Comments ...

Leave a Reply