Cloud Data Security – Some Concerns Addressed

What is data security?

To continue our security theme we’re going to clarify what data security actually means for a business. People are understandably apprehensive about uploading the entirety of their company files to the web and doing away with their physical servers, but are the risks greater?

Data security can be summarised as follows – it is:

  • ensuring only authorised individuals can see your data
  • only authorised individuals can modify your data
  • and you can access your data where and when you need without obstruction

Or, more concisely, Glenn Watt, ex cyber security expert with the US military puts it “data security boils down to confidentiality, integrity and availability” (cited in Forbes).

I’m apprehensive..but not sure why!

Some people understandably find it hard to specifically state what their fears about data security actually are – sure it is a hot topic right now, and we can certainly understand the implications of breaches in relation to, say, leaked nudey pics of celebrities – but what does it mean for a business? A fear of the unknown is probably the biggest issue to overcome, but how will a security breach affect the business on a strategic level? This is a very valid question to ask yourself and your provider.

“Will the cloud provider go out of business and I’ll lose my data? Can hackers access my virtual drives and steal corporate secrets? What happens if there is a technical hiccup and my data is accessible by the other unauthorised individuals or organisations?

Answering those questions, there is just as much chance of that happening as there is with old-fashioned mainframe servers, except cloud servers don’t risk destruction as a result of physical damage such as fire, flooding, or energy surges. Cloud servers are physically located across the world and in highly secure installations with 24/7 monitoring and protected by multi-layer firewalls that are in many instances of military grade. Essentially, it doesn’t matter how well you think you can protect your physical servers from theft or remote hacking, they will never ever be as secure as one of Google or Amazon’s cloud storage data centers.

Ok smarty, how safe are the data centres then?

Well, encryption is the main security measure cloud computing has in place. Google uses two-factor encryption methods which means all information stored is encrypted so that the owner or authorised users are the only ones who can access it. Access itself is verified by a password or passkey, and the second stage of verification usually takes the form of a software key installed in authorised individuals’ computers or devices. This means that even if an unauthorised party was to get hold of the password they will be unable to access any data without having the software key, and vice versa obviously.

Cloud hosting also offers data security intelligence built-in, which clearly is invaluable for auditing purposes. You can track the flow of information and see who is accessing it and from where, as well as loss monitoring. So what we have is a system with the same level of security as a physical server but without the physical risks. I’m not even going to go into the remote working benefits again as this has been covered. Two-stage authentication is very much available and as effective across static and mobile devices such as phones and tablets.

The future of security

Cloud security is becoming an industry sector in itself with many specialist organisations researching and developing additional measures that aim to help businesses ensure the security of their data above and beyond the strict controls already employed by cloud services such as Google Drive and Amazon Web Services.

In the next blog post, I’ll discuss some additional security measures such as setting up two-step verification for many popular websites and look at some third-party security services that are available, and specifically whether or not these are worth considering for your business.