GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

All Posts

Is the Cloud the Next Iteration of Data Security?

Sitting in a meeting with a partner of ours, who provides cloud-based desktop and application services, I was struck by a statement by one of the company founders.  He said “Yes, we provide customers with an efficient way to access their corporate data, consume application resources in the cloud, and drive down costs.  But I’ve always maintained that our number one value to our customers is that we protect and secure their data.”

An interesting take, considering that the #1 concern many have over using cloud services is the protection and security of corporate data in these multitenant, shared platform environments.  His contention is that with a company’s data and access tightly controlled via a defined set of technologies, protocols and service level agreements, the chances of leakage are vastly less than in the traditional LAN environments.  And, I have to say, it makes a lot of common sense. 

Keeping control of your intellectual property and private dataset is a challenge that goes back to the Stone Age.  Man guarded any information that may affect his ability to survive, such as the location of good hunting grounds or where drinking water could be found.  He did this by keeping the knowledge to himself and passed it down by word of mouth to the next generation.  In this manner, the information could not be stolen or misused, unless that next generation chose to do so.

Early libraries were a way of controlling access to information and knowledge, by centrally locating the data and putting protections around it.  Even today, public libraries have safeguards that require some form of identification, and they maintain records of access. 

In wartime information that needed to be secured but also distributed lead to the evolution of coding and cyphers.  Codes could be broken through brute force or via defections, and so the need for constant monitoring and evaluation of the validity of the coding process was instituted.  In this way, data no longer had to be centralized to be secured. 

Unless everyone in your organization has a photographic memory, you have to put your trust in external solutions at some point.  Think about your current “private” network.  You rely on various technologies to provide protection:  your firewall, AV/Malware scanning, disk encryption and device access control, etc.  But are those solutions really YOUR solutions?  Did you write the code and create the protocols?  No, you selected a set of solutions that mapped best to your own requirements.  Sure, you have the ability to adjust and modify, to some degree, the configuration and implementation of these controls.  But it eventually comes down to trusting in the creators of the solutions.

Even in today’s most sophisticated environments, the risk of exposure is ever present.  I recently read an article about the infection of exclusive networks controlling the Air Force drone fleets.  While the networks are encapsulated, mobile drive devices were used to move data out and back into them.  So, while the technology used to secure these networks was sophisticated (and I’m sure VERY expensive), it all came down to a PIC (problem in chair) event.

Your “private” network is mainly made up of a mixed bag of components that all have their strengths and weaknesses.  Not to mention that you put that technology directly into the hands of a group of users who may or may not have your best interests at heart, or who may become disgruntled, dissatisfied or persuaded to violate your trust in them.  So, keeping that in mind, if you were to physically remove the data from the people, isn’t that inherently more secure? 

As we have progressed technologically, the ways we protect our data have had to evolve, but the basic principles remain the same:

Identify the risks

Define what techniques are necessary to provide protection

Enable access only to those required

Negotiate penalties and punishments

Test your security measures

Investigate breaches

Train your people

Yesterday’s solutions are today’s vulnerabilities (ok, a little weak but I need the Y…)

The argument’s pro and con on the ability to secure data in cloud solutions will probably go on forever.  Every breach will probably lead to wails and protests amongst the detractors.  See, they will say, you can’t secure what you don’t control.  Trust no one but yourself.

Some of the greatest breaches (per have been made on data assumed to be secure because it was on a corporate controlled system when stolen:  Heartland, TJX, Sears, CardSystems.  Have these breaches greatly altered the way we conduct business today?  If you think so, ask yourself these questions:

Do you still use credit cards at retail stores?

Do you bank online?

Do you only pay government fees with cash?

EZPass anyone?

The moral here is that you trust the security partners and vendors whose products and services you utilize on your private network.  AND you trust your users not to abuse the confidentiality assumed by their employment.  The basic principles of security are not foreign ideas or technological impossibilities in the cloud space.   Do your homework, trust in your selection process, and think of how to utilize cloud services to enhance your data protection and security profile. Your thoughts?

Related Posts

What Is Zero Trust Security?

By Jay Martin, GreenPages Security Practice Lead Security is top of mind for strategic thinkers in the C-suite and IT department. But what is a "zero trust" security framework and how does it benefit your organization?

The Pros and Cons of Cloud-Only or Cloud-Native SaaS

By Josh Morganthall, GreenPages' Senior Solutions Architect, Microsoft Cloud Over the past few years, companies have embraced the cloud-only workplace model: swapping out their on-premise software and servers for cloud-only “software as a service” (SaaS) solutions. Read about the pros and cons of going SaaS and how companies weigh all the options before deciding.

Tech News Recap for the Week of 10/03/22

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 10/03/22!