For many, Cloud is a buzzword floating through cyber space. It is all too common to hear stories of data being compromised due to insecure Cloud hosting, spawning critical audit sweeps and apologetic corporations responding to upset customers—Yikes! If you are following the growth of current technology trends, you know that cloud has been growing at an explosive pace in the public and private sector. Business consulting firm, Bain & Co., predicts a 65% growth in Cloud usage in the next three years and a revenue stream of $20 billion to nearly $150 billion by 2020
[1]. Data/file storage is one of the most prevalent functions of the Cloud.
So why is there so much hesitation with Public Cloud even though it’s experiencing a phenomenal growth rate? (Do not worry; I will talk about the private cloud in the future, just keep following my blog) Let me illustrate.
From an Enterprise perspective, Cloud security is skeletal and often times just ignored altogether.
IT Administrators are only presented with two poor choices in regards to securing their enterprise data with respect to the Cloud. The IT Administrator can completely trust the Cloud Service Provider; however unwise that may be. Or alternatively, the IT administrator may also choose to prohibit any usage of Cloud by the enterprise; thereby, blocking employees from leveraging the benefits of Cloud storage altogether. Neither of these options provide for a secure and user friendly environment.
Though some Cloud services claim to offer encryption with their product, protection is far from guaranteed. Why? Because this usually means one of two things: A single key is used for all tenants, or per tenant keys are assigned to each individual tenant without management capabilities.
In the former example, where a single key is used by all tenants in an enterprise, the stored information is protected from external threats; however, that same information is at risk of internal corruption.
In the latter example, where per tenant keys are assigned to each individual tenant within an enterprise, sensitive information may be protected from internal corruption, but all key management capabilities are stored, in faith, with the Cloud provider. To the dismay of the enterprise, this kind of faith exposes sensitive information to external threats without accountability, nor with any transparency.
Oh the woes of the enterprise security manager! We do sympathize with these challenges and tribulations. To move Cloud security forward, let’s begin to think about new workflow processes and how enterprise can better take advantage of this new reform in data management.
For one, encryption is something to think about when looking at cloud providers. A good encryption program should offer the following at a minimum:
▪ per-tenant keys, the ability for Administrators to manage those keys locally
▪ support secure sharing of encrypted files through the Cloud storage medium.
Is that too much to ask?
Tell me, IT administrators and Cloud fanatics, what is your Cloud storage story? How do you deal with the security challenges today?
So why is there so much hesitation with Public Cloud even though it’s experiencing a phenomenal growth rate? (Do not worry; I will talk about the private cloud in the future, just keep following my blog) Let me illustrate.
From an Enterprise perspective, Cloud security is skeletal and often times just ignored altogether.
IT Administrators are only presented with two poor choices in regards to securing their enterprise data with respect to the Cloud. The IT Administrator can completely trust the Cloud Service Provider; however unwise that may be. Or alternatively, the IT administrator may also choose to prohibit any usage of Cloud by the enterprise; thereby, blocking employees from leveraging the benefits of Cloud storage altogether. Neither of these options provide for a secure and user friendly environment.
Though some Cloud services claim to offer encryption with their product, protection is far from guaranteed. Why? Because this usually means one of two things: A single key is used for all tenants, or per tenant keys are assigned to each individual tenant without management capabilities.
In the former example, where a single key is used by all tenants in an enterprise, the stored information is protected from external threats; however, that same information is at risk of internal corruption.
In the latter example, where per tenant keys are assigned to each individual tenant within an enterprise, sensitive information may be protected from internal corruption, but all key management capabilities are stored, in faith, with the Cloud provider. To the dismay of the enterprise, this kind of faith exposes sensitive information to external threats without accountability, nor with any transparency.
Oh the woes of the enterprise security manager! We do sympathize with these challenges and tribulations. To move Cloud security forward, let’s begin to think about new workflow processes and how enterprise can better take advantage of this new reform in data management.
For one, encryption is something to think about when looking at cloud providers. A good encryption program should offer the following at a minimum:
▪ per-tenant keys, the ability for Administrators to manage those keys locally
▪ support secure sharing of encrypted files through the Cloud storage medium.
Is that too much to ask?
Tell me, IT administrators and Cloud fanatics, what is your Cloud storage story? How do you deal with the security challenges today?
by Soumya.Bhaumik
[1] Chad Brooks. Cloud Usage Growth Expected to Soar. Business News Daily. October 3, 2012. Viewed October 4 2012. http://www.businessnewsdaily.com/1526-cloud-usage-growth.html