The Cloud: secure or naturally out of our control?
This has been the subject of debate among experts and veteran users of the cloud since its inception; but for those who don’t know what the cloud is, let’s begin by defining what it is and how it’s used. The cloud, or cloud computing as some contemporaries might have it, is a group of physically connected servers used by organisations to back-up, store, and transfer data in large quantities. Companies like Google, Apple, and Microsoft offer cloud services to just about anyone who wants access to information from a smartphone or any other web-enabled device from anywhere in the world. Businesses are privy to the advantages of the cloud and have outsourced customer data to service providers where the cloud is more centralised and accessible. In doing so, customers will expect their data to be used responsibly and protected at all costs.
So what are the risks? Using the cloud requires organisations to use secondary authentication measures for their employees to have access to data off-site; organisations have to make sure when outsourcing to other cloud providers that they’re able to meet the standards set by the regulator; downtime caused by power outages can also prevent access to cloud data. These risks, although small and benign, can lead to more drastic outcomes if ignored early on giving hackers and cybercriminals a reason to exploit the weak points of an organisation’s security network.
Another crucial factor in all this are people, cybercriminals look to exploit the bad practices of organisations. For example:
It was discovered recently that 4 million of Time Warner Cable (Spectrum) customer records were being stored on Amazon cloud servers without a password, exposing sensitive data like transaction numbers, account numbers, and login credentials to the public. In 2011, the ACS: Law case was widely covered by the The Law Gazette, The Guardian and the BBC reporting that Andrew Crossley, the firm’s only registered solicitor at the time was fined £1,000 by the Information Commissioner’s Office (ICO) for using a public cloud platform to store client data that was subsequently exposed in a severe data breach. The information commissioner at the time, Christopher Graham said "were it not for the fact that ACS:Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed”. The severity of the breach had initially warranted a heavier fine because as a law firm they were negligent in their duty as a data controller to provide data protection and were naturally held to a higher account.
Despite these cases, the cloud still has some advantages: you can share data seamlessly across all your devices; data can be backed-up to more than one cloud network reducing the risk of stolen flash drives and other physical storage devices; and it’s economical to run as it’s considered an asset which incurs operational costs instead of new capital expenditure – this means that businesses don’t have to spend money on new assets that require the additional on-site support to maintain and update them. These advantages merely describe the convenience of being able to access data in an affordable way, but security seems to be massively compromised because of the shared, intangible nature of the cloud, data isn’t physically controlled or protected so human intervention is limited in this regard.
With that mind, data has become one of the most valuable assets in business, and organisations should consider utilising reliable and secure on-premises networks that enable us to protect data. For instance, Bonafidee uses our ultra-secure IL3/4 data centre located off-site where the risks are significantly mitigated giving our clients the confidence to rely on our data protection support and our company’s practices.