iCloud, Snapchat and Dropbox: Time to nip this cloud security debate in the bud?

The recent celebrity images hacking story has, arguably more than any other scandal, put data privacy issues firmly into the public conscience.

Debate still rages about who is to blame and what could have been done to protect sensitive content stored on cloud based services, such as the iCloud.

It seems like a week doesn't go by without a data security breach hitting the headlines. More recently, Snapchat has come under fire for the leak of 200,000 images of teenagers from a third-party service SnapSaved.com, whose servers were compromised.

In addition, Dropbox appeared in the news in recent weeks as it was reported that the login details of hundreds of users were leaked.

Once again, the blame landed on another third-party, which claimed that a further 6.9 million additional logins were compromised.

>See also: Celebrity cloud hacks shine a light on data security

If the claims are accurate, the figure could represent around 2% to 4% of the site’s active accounts, which would ultimately result in a significant loss of integrity for Dropbox.

The security of cloud systems is currently under intense scrutiny and these instances raise important issues about how individuals and organisations alike store and protect their most sensitive information.

There is no doubt that the cloud offers benefits. However, it does raise concerns of whether a business can really solely rely on the cloud to store its data.

As the above stories demonstrate, data stored in the cloud can fall into the wrong hands or become corrupted.

One survey conducted last year by internet security company Symantec found that 43% of businesses had lost data in the cloud that consequently had to be recovered from backups.

Plus, the recovery process failed at least once for most of those organisations. This is alarming, yet in spite of the frequency of these problems, most cloud service providers accept no responsibility for data losses in their service level agreements.

For many businesses operating in industries that rely on strict confidentiality obligations – such as finance, legal and healthcare – this would have catastrophic economic and reputational consequences to their business.

There are increasingly strict compliance demands in most sectors, enforced by industry regulatory bodies like The Finance & Leasing Association, which stipulates that certain data should not only be kept in a specific way but also retained for a set periods of time – something that the cloud simply isn’t set up to manage.

In the legal sector, the Solicitors Regulation Authority specifies that legal firms must be able to provide it with access to inspect the firm's data, which could prove troublesome if using some cloud services.

It is quite common for cloud storage providers to subcontract elsewhere, which limits control and access to sensitive information.

Regulatory requirements aside, businesses need to check to see whether their data is being stored in compliance to laws of their country, and not just the laws of where the cloud server is hosted.

Many cloud servers are based in the US and therefore operate by US law. UK-based organisations must ensure compliance with the EU's Data Protection Directive, which outlines standards of protection throughout the EU.

A current incident in the financial services sector highlights the importance of a tiered approach to data. Recently it emerged that JPMorgan suffered a massive cyber attack on 76 million private and seven million business customers in the US.

The hack gathered the names and addresses of the company’s customers and the hackers are now linked to possible attacks on at least 13 more financial companies.

This again shows how crucial it is for the most important data to have a different strategy for less important data. For business critical information, tape storage is still a powerful tools as its benefits from a 99.99% reliability level, as well as robust security.

Whilst the cloud poses issues and concerns for businesses in managing their data, there are solutions available that’ll offer the same levels of accessibility, but with the added benefit of tighter security and greater flexibility.

>See also: Is cloud good or bad for your work-life balance, and does it really forfeit your privacy?

LTFS (Linear Tape File System), for example, was launched in 2010 by IBM but is a little known technology in the marketplace. LTFS was specifically developed to address tape archive requirements – improving access time for data stored on tape.

It can be a concern for many organisations that archived data will not be readable in the future without the use of specialised software. However, LTFS increases the likelihood that stored data will be legible because of its open-standard format.

Equally with the imminent launch of LT07 and the announcement from leading vendors like HP, IBM and Quantum that they will be investing in Generation 9 and 10 LTO tape technology that’ll boast larger capacities and speeds, it is evident that there are other solutions out there that will effectively meet the growing demands around data management and storage.

Using cloud services in a business environment has risks and therefore should be supplemented with other data management tools in order for information to be managed correctly and securely, significantly reducing the risk of data protection issues.

 

Sourced from Lee Holsgrove, Wincanton Records Management

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Cloud Security