Posted on Wed, May 20, 2009
Cloud computing has gained popularity over the past two years. The concept incorporates software as a service (SaaS) as well as other technology trends that have the common theme of reliance on the Internet for satisfying the data storage needs of the user. However, cloud storage providers such as Carbonite, Amazon S3 and Google App Engine have recently been troubled with recurrent shutdowns and losses of customer data. The problems experienced by these companies have made some question as to whether cloud storage poses a data security risk, specifically due to users depending on unseen infrastructures holding massive data vaults that can attract the interest of hackers and electronic terrorists.
Unlike a reliable remote backup company that stores data at an offsite data vault, the distinctive attributes of cloud storage require risk assessments in areas such as data recovery, as well as privacy and legal issues such as e-discovery, regulatory compliance and auditing. In contrast to using a secure remote backup service provider, below are a few precautions Gartner gives when considering a cloud storage service provider.
Since cloud services bypass the physical, logical and personnel controls IT organizations exert over in-house programs, sensitive data processed outside the enterprise brings with it an inherent level of risk.
Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a cloud service provider. Remote backup service providers are subjected to security certifications.
When using cloud services, the exact location of where the company’s data is hosted is unknown. In fact, the data may be stored in an unknown country.
Data is in a shared environment alongside data from other customers, posing an encryption risk which could make data totally unusable.
Many cloud service providers lack the ability to replicate data and application infrastructure across multiple sites, making the stored data vulnerable to a total failure in the event of a disaster. The cloud service provider’s capability to do a complete restoration is imperative in the case of a catastrophe.
Investigating inappropriate or illegal activity may be impossible in cloud computing. Cloud services are difficult to investigate because logging and data for multiple customers may be co-located and spread across an ever-changing set of hosts and data centers.
In the event that the cloud service provider goes out of business or gets acquired by a larger company, make sure the provider is able to get the data back in a format into which a replacement application can be imported.
Although there is no such thing as 100% foolproof backup, partnering with a trusted and secure data backup service company will provide a higher level of security to store all mission-critical and regulatory compliant data. If contemplating on storing in the clouds, consider the factors mentioned in this article.