Friday August 15th 2014 | 12:04
Practical steps you should be taking to unleash the full benefits of Cloud Computing
The last 12 months have seen a tangible change in perception around the security of Cloud-based communication solutions. With Edward Snowden revealing the extent of international Government surveillance, in addition to data losses and breaches earning a higher level of media coverage, there has been an understandable hesitancy about procuring Cloud-based communication solutions.
However, in my view, so long as the correct approach is taken, the Cloud can provide the same, if not a greater, level of security as on-premise offerings, with the added advantages of cost reductions, reduced management overhead and increased flexibility – an approach that I presented at Europe’s largest information security event, Infosecurity Europe 2014.
Manage risk with 'smart encryption'
‘Data residency’ – the concept of where your data is stored and processed, and who consequently has jurisdiction over it – has become one of the go-to reasons for avoiding the Cloud. However, a well-informed approach to data sharing can mitigate this risk.
Before undertaking any contractual agreement with a Cloud-based service provider, ask yourself the following questions:
- Does your service provider have access to your servers and data?
- Do they have the appropriate service accreditations and procedures in place to look after your data?
- Where will your data live and will it be replicated to other geographical locations?
- What are your options should you want to change providers?
If concerned about any of the above, you should probably question whether you’re using the right service provider!
In addition, by applying ‘smart encryption’ to data that you expose to any third party provider and by remaining in control of the associated keys, you not only ensure the information is protected but also that you can track and audit it wherever it resides.
Extending the parameters of your control
The systems in place to share data securely must not only ensure legitimate distribution but also actively promote user control.
Essentially, it comes down to identifying the extent to which an end-user can be trusted (based on key factors such as the domain, browser, device and IP range being used to access the information) and being able to apply different access controls to reflect this.
For example, when sharing confidential information with a ‘trusted’ business partner – who is accessing it from an authorised domain through a compliant browser or application on a federated secure network with a verified IP range – then it would be possible to grant this particular end-user ‘full access’ (meaning they can, for example, download and print the information). Alternatively, if you have an ‘untrusted’ business partner, with whom you don’t have a federated trust relationship, then it is possible to only grant them ‘restricted access’, enabling them to simply view the information in a hosted environment.
If the information is subsequently forwarded to an unknown and ‘untrusted’ third party – or even if a known recipient is attempting to access information using a non-compliant browser or device or from an unknown location – it is possible to deny access altogether.
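The three-tier decision described above can be sketched as a small policy function. This is an added example, not Egress's implementation; the partner domains, IP ranges, browser labels and all function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy for illustration: domains, ranges and browser labels
# are assumptions, not values from the article.
PARTNERS = {
    "partner.example": {"federated": True, "ranges": ["203.0.113.0/24"]},
    "supplier.example": {"federated": False, "ranges": ["198.51.100.0/24"]},
}
COMPLIANT_BROWSERS = {"managed-chrome", "managed-edge"}


@dataclass(frozen=True)
class AccessRequest:
    email: str
    source_ip: str
    browser: str
    device_compliant: bool


def recipient_domain(email: str) -> str:
    """Return the lower-cased domain, or '' if the address is malformed."""
    local, sep, domain = email.strip().lower().rpartition("@")
    return domain if sep and local and "@" not in local else ""


def ip_in_ranges(source_ip: str, ranges: list) -> bool:
    """True only if source_ip parses and falls in a verified range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(addr in ipaddress.ip_network(r) for r in ranges)


def decide(req: AccessRequest) -> str:
    """Map one request to 'full', 'restricted' or 'deny'."""
    partner = PARTNERS.get(recipient_domain(req.email))
    if partner is None:
        return "deny"  # unknown recipient, e.g. the item was forwarded on
    if req.browser not in COMPLIANT_BROWSERS or not req.device_compliant:
        return "deny"  # known recipient, non-compliant browser or device
    if not ip_in_ranges(req.source_ip, partner["ranges"]):
        return "deny"  # known recipient, unknown location
    # Federated partners may download and print; others get view-only.
    return "full" if partner["federated"] else "restricted"
```

Every check fails closed: a malformed address, an unparseable IP or a missing partner entry results in a denial rather than a fallback to restricted access.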
Embrace the Cloud - just secure it too!
At Egress, we like to call this thought-out method 'taking a risk-managed approach' - recognising the need to share sensitive information electronically, and consequently applying all suitable and available mechanisms to ensure the information is protected. In doing so, the benefits of cloud computing need not be sacrificed in the name of data protection.