Are clouds really insecure? Or more secure than conventional IT environments? Growing number of technology experts are making that argument, they are not vender and ever not selling anything but their wisdom tells them about cloud insights. Both government officials and technology enthusiasts expect much in its security.
Their comment on cloud security are often accompanies by the caveat, “if you do it right” cloud security only happens through a combination of vigilance, best practices, and technology including encryption, patching and monitoring.
The shift from in house storage to cloud is an opportunity to rethink security from the ground up, to re-architect networks and data centers in a way that bridges existing gaps. Clouds would be more secure than old data centers. That’s what IT leads and Government officials are foreseeing.
To chose a cloud storage provider depend on your environment and your goals. Small to medium sized concerns may be looking for file sharing and large sized organizations may be are looking it as a backup of existing processes. In fact CSP (Cloud Storage Providers) come into two forms. Some providers are providing complete turnkey system. Some just connect to you via third party software, just physical storage assets in the cloud. So, it truly depends on you which provider you will have to connect to.
You would see none of these CSP methods is better than the others. Choosing which one makes the most sense for your organization depends on your needs and each of these CSPs can deliver on security, availability, and flexibility—which is more important.
Security is certainly critical regardless of size of organization and of cloud storage. At a minimum you want your data that is at rest in the cloud to be encrypted, this is what you want. The primary motivation is to make sure that, if the CSP hosting your data is responding to a legal action and needs to provide access to data, your data can’t be read, which means nobody has access to your private data.
Storing encrypted data at someone else’s facility and then having that facility come under investigation is going to make for some very interesting legal arguments and is something cannot be explained here. In short, while encryption alone does not free you from a court order, it at least gives you the control over who will and will not see your data.
Now most cloud storage applications use local storage to cache data as it moves back and forth between the Cloud Storage Provider. This local storage should be encrypted, too. Local encryption protects you if a hard drive needs to be disposed of. Unlike a RAID system, although it is still readable, it requires some effort to read data from discarded drives. Now it comes’ the availability. Certainly everyone is focusing on the provider that has minimal chance of an outage.