While reading a recent news article 1.5million account numbers hacked after Visa and Mastercard card data theft I started thinking about how much of my personal and business data is kept on somebody else's cloud. In todays networked environment you have your profile information on social networking sites, financial information with credit card companies and banks, and your business information on many cloud networks.
Most of the business websites (like ours) will adopt most well known security measures like SSL (secured socket layer), password protection, roles based access etc. However, looking at some of the techniques that hackers uses to get into the most secured sites (like CIA, Government and Banks etc.) makes people look at the security statements from service providers with skepticism.
The business data that was once stored on private computers is outsourced to other companies. On individual level this can be facebook or your email service provider. On the corporate level cloud computing results in savings of hardware purchases and maintenance cost. The flip side is that you have no idea who is managing the computers with your information, whether there is an adequate protection of your data or if it is already compromised.
We have customers that do not even let us enter their firewall for screen sharing and customer support. Your in-house computers may already have firewall and virus protection in place to protect your data. In cloud environment these safeguards are difficult to maintain, at least for small organization who cannot afford a private cloud.
Here are few tips that I have thought of to make your cloud computing safer:
- Make sure that the cloud computing vendor does not store your password in clear text. Losing the data is harmful enough, but if you password is compromised, you may give away all your other accounts where you may be using the same password.
- Find what contingency plan the company has to recover from catastrophic failure.
- Find out your true cost. In many cloud computing environments you are paying for computing time, storage space, ip address and bandwidth. For example if you are a home user, you may want to weigh the cost and benefit of purchasing an external hard drive compared to cloud storage for backups.
- Make sure you understand the terms of service and backup plans. Read all the fine prints on the contract.
- If the cloud offering provides role based security, carefully plan who in your organization should have privilege to access the data. Give the lowest privilege possible.
- Make sure that the computer you are using to connect to the cloud is virus and malware protected. If your internet access gets compromised, data in the cloud will be compromised or of no use to you.
Many organizations today are moving to private cloud that are hosted outside the premises but they have the same level of control as in-house systems.
Photo courtesy flickr, creative commons attribution