Thanks to the cloud, cost-conscious organizations now have the ability to affordably and instantaneously provision large amounts of reliable, affordable storage space to enable everything from file sync and share for employee collaboration to large-scale storage for backup and disaster recovery. Infrastructure and maintenance are no longer a limitation, and it seems the sky’s the limit when it comes to storage. But the cloud comes with some security challenges. Your customers may need some help to enable truly secure cloud storage.
1. Secure the pathways
Secure cloud storage is one thing, but what about the pathways that data takes to get to the cloud storage provider’s data center? Let’s say an employee is working in the airport while waiting for a flight. The employee is using the airport’s unsecured Wi-Fi. In this scenario, any hacker eavesdropping on the airport Wi-Fi could intercept whatever sensitive data the employee accesses or uploads, including login credentials. For secure cloud storage, organizations need to either make sure their cloud storage providers use secure connections to transmit and receive data, or to require that employees use a corporate VPN to connect to the cloud storage site.
2. Secure the data
Is data secure once it’s in the cloud storage provider’s data center? The CSPs will all say “yes,” of course, but that’s not necessarily true. A security breach on the CSP side, a malicious insider at the CSP, or a government request for information directed at the CSP could all result in the disclosure of sensitive corporate information. In multitenant environments, meanwhile, an attack on an adjacent customer could end up leaking your customer’s information, too. To secure cloud storage, VARs should guide their customers towards data-centric security solutions, such as client-side encryption, that prevent outsiders from gaining access to data in the clear.
3. Know what data cannot be stored in the cloud
Finally, there are certain types of data that are simply too sensitive to be stored in the cloud at all. Data privacy laws and regulations like PCI-DSS and HIPAA forbid the storage of certain types of data outside the corporate perimeter and forbid the storage of other types of data—like account PIN blocks—at all. Secure cloud storage depends on large part on knowing which types of data must be kept behind the corporate firewall, or not kept at all. In addition to the data protected by data privacy regulations, other kinds of high-value information, such as proprietary R&D data or corporate financials, may pose too much of a risk to place in the cloud. Work with your customers to determine which of their data assets should be kept in-house, and help them find solutions such as Data Loss Prevention (DLP) to enforce their decisions.
Cloud storage can provide great benefits to the enterprise, but if it isn’t secure cloud storage, the benefits will be outweighed by the risks and by the consequences of a data breach. As a trusted security advisor and broker to your customers, you’re in a position to help make sure your customers make the right decisions as they adopt the cloud. Stay current on your cloud security knowledge to make the most of that position.