Do you have clients who think that some of their data files are “too confidential” for storage in the cloud?

Recent cyber-surveillance revelations have unsurprisingly left many businesses feeling jittery about whether storing sensitive data in the cloud is a good idea.

A Wall Street Journal feature recently focused on a company that said it considered 60% of its data to be “too sensitive” for storage in the cloud. In this article, we discuss whether this is a realistic view.

Of course, there are companies in many industries that do maintain genuinely sensitive data, such as credit card details and health records. Security breaches involving this kind of information can result in bad publicity and far worse. As such, it’s understandable that companies feel it wise to keep this data as close and controlled as possible. However, there is something of a fallacy to this kind of thinking:

Is “On Premise” Really Safer?

Avoiding cloud storage for confidential data could prove to be a mistake. After all, it’s not as if there’s never been an IT security breach involving an on-premise system!

In fact, the opposite logic could apply. Cloud services often benefit from economies of scale that make them inherently more secure than their on-premise equivalents, especially for mid-market companies whose budgets don’t stretch to enterprise-grade security appliances.

Furthermore, how “bulletproof” a system is against outside attack is not always what matters most. The security of the data files themselves is actually far more relevant. Unencrypted data is still unencrypted data whether it’s stored in a datacenter or on a server shoved up the corner of an office.

Choosing the Right Solutions

With the above all firmly in mind, it’s perhaps time to look at cloud data storage slightly differently. Consider the following points:

  1. Cloud storage services are not all equal. Consumer services such as Dropbox are clearly not the ideal place to store sensitive information, but that doesn’t mean that a true business-grade service cannot be just as secure as “in-house” storage.
  2. File security starts with the files themselves. If data is intended to be fully confidential, it should be encrypted from the start. If you are confident that the encryption is solid, where the files actually reside carries less importance.
  3. It’s down to you to carry out the “due diligence” on any cloud service provider you plan to recommend (or outsource) to your clients. You need to know exactly where data is physically stored, how it is protected, and who could potentially gain access to it.
  4. Business-grade cloud storage providers know that MSPs need solid answers to their questions. If they don’t meet compliance requirements, nobody will buy into their services. Make them convince you that data is as safe with them as it is in the office – then you can have full confidence when you explain the options to your customers.
  5. If the cloud services provider offers two-factor authentication, then it’s probably more secure than your standard on-premise user ID and password.

Ian Trump

Security Lead at MaxFocus
Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. Ian enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. He is currently Security Lead at ControlNow, working across all lines of business to define, create and execute security solutions and promote a safe, secure internet for small and medium businesses worldwide.