Privacy and security considerations when using the public cloud

Clichéd as it may sound, security and privacy are probably two of your most important considerations as an IT executive. They become all the more important at a time when it seems the entire world is moving to public cloud-based storage, with enterprises willing to have their data stored with a third party. The benefits of this trend are many, but so are the risks.

As innocuous as it may seem on the surface, when your organisation’s data is with a third party, no matter how trusted they are, there is always a possibility that it can be used in unintended (and sometimes unscrupulous) ways. Though cloud service providers will usually claim that your organisation or employees are not identifiable by the information they provide, you can’t ever feel completely at ease when your enterprise data isn’t private.

Anticipating public cloud issues

The problem arises when the data is used for purposes you didn’t anticipate. What happens when the cloud provider hosting your organisation’s data is bought out by another? Worse still, what happens when there’s a security leak that allows anyone to look at your enterprise’s files stored on the cloud? There have been many instances in the recent past where organisations and individuals have had their data compromised.

Former Google Chief Executive Eric Schmidt is on record as saying: 'I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.' This is, unfortunately, a pretty standard position towards privacy that most public cloud vendors are forced to take.

Do you have control of your data?

As we move more and more into a cloud-based ecosystem, almost all your enterprise data is stored on servers several miles away. You don’t have any control over how many copies are created, or backed up. You don’t even know for sure whether the data is actually deleted when you ask for it to be deleted – or if all copies of it got deleted. You simply have no control.

Security and privacy aren’t just about keeping all of your data confidential; they’re about having control over who gets to see what, what happens to it, and when it should be destroyed.

Taking steps to protect yourself

Make educated choices about what your company is putting on the cloud. There may be certain types of data and workloads you can easily put on the public cloud and others that you may not be comfortable with. Many public cloud vendors assume that you, as a customer, are making that choice when you decide to let them host your data or workloads.

Verify the credentials of the cloud provider and, along with SLAs and other parameters, check out their security practices. Most importantly, read their privacy policies. Many times, privacy policies aren’t so much about ensuring your data’s privacy as they are about listing what rights the cloud provider has to do what they’d like with your data.

Consider encrypting your data and your workloads on the cloud to ensure privacy and prevent misuse of your data. Also look at technologies like a cloud access security broker (CASB). A privacy gateway or secure storage gateway can help encrypt your data on-premises before it leaves for its public cloud destination.

Anand Prahlad at Parablu