ÃÛÌÒTV

Data Security 08-10-2013

Is Data in the Cloud Data at Risk?

ÃÛÌÒTV

Everyone is talking about "the cloud", but is enough emphasis being placedÌýon securing the cloud?

The general trend recently has been to move more of the day-to-day business applications to the cloud.

Typical tasks we perform that requires installing software, is now provider by cloud servicesÌýover a browser and is accessible in a matter of minutes.

Cloud computing is here to stay

The traditional cost of licensing and maintenance of tradition software or services has created an opportunity for cloud service providers to offer instant access to fully managed alternate systems.

Cloud services today enable instant access to accounting, HR, customer service, and other business critical systems eliminating the cost of software and overhead of managing hardware.

But what happens to your data once you it's linked to a cloud service is an entirely different story. How that data is transferred, stored, manipulated, and how much access the cloud service provider has to your data are critical questions that have to be considered.

Administrators should fully consider the security implications of data storage in the cloud and how they can ensure that the cloud services they rely on for doing business are fully secured and prepared against known vulnerabilities and threats.

SSL Encryption is non-negotiable for data in the cloud

SSL Certificate encryption is the backbone of security for enterprises and administrators who utilizeÌýcloud services. SSL encryption should never be option for cloud data and administrators must insist that data in the cloud is always encrypted during transfer and storage.

SaaS providers should makeÌýinternal database encryption a top priority and that internal service policies reflect the need for consistent encryption use throughout their systems.

Connections made to any cloud service or online system should be authenticated and encrypted using only high assurance SSL Certificates. Cheap SSL Certificates that provide no identify verification are never suitable for the exchange of secure data across enterprise systems.

Organizations that depend on cloud services should only trust and rely on certificates that provideÌýfull identity authentication, like the Extended Validation SSL Certificate, due to their strict identity checking process.

Furthermore, administratorsÌýshould make sure than any use of SSL is properly configured and deployed according to security best practices. The ÃÛÌÒTV Certificate Inspector is the perfect platform to audit the security of your cloud service.

Certificate Inspector allows administrators toÌýdiscover misconfigurations with certificates and possible serverÌývulnerabilities, such as problematic ciphers, such as weak keys, untrustedÌýcertificates.

Cloud service providers should lead in security adoption

Typically, cloud service providers only think of their customer-facing website for EV certificates, but this needs to extend to all communication methods, such as API's, web services, and automation capabilities.

For example, Twitter recently announced that it was forcing the use of HTTPS for any developers orÌýapplication utilizingÌýany of the Twitter APIs. We think that all cloud service and SaaS providers should do the same.

Organizations need to ensure thatÌýtheir cloud service providers they follow the latest security industry guidelines andÌýbest practices for online data security in order to assure that the third-parties upon which they rely do not put at risk their systemsÌýor sensitive customer data.

Real benefit from a secured cloud

There's a great potential for damage in turning over your sensitive data to outside organization, regardless of the benefit gained from the service they provide. Cloud services aren't automatically bulletproof. Customers should never assume that vendors have proper security configuration.

By becoming more familiar with a service provider's practices and using online monitoring servicesÌýlike Certificate Inspector, you can rest at ease that your cloud provider is keeping your data safe. Asking cloud services for more details into how security is performed is always appropriate and good sense.

The cloud offers benefits for companies, but they need to be sure that their cloud storage providers as well as the third-party vendors deployed by their providers are reliable and trustworthy.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205