ENJOY THE FULL ARTICLE!" />

Data Security In The Cloud: Solutions For Consumers And SMBs

by cloudtweaks on May 31, 2012

in Backups, Business, Cloud Computing, Companies, Computing, IT, Microsoft, SaaS, Security, Storage, Technology

Data Security in the Cloud: Solutions for Consumers and SMBs

A recent small business cloud computing survey from Microsoft found that a chief concern of potential SMB cloud customers is the security and privacy of their data. A full 70% of small businesses are concerned about where their data is stored. Just over half of all SMBs cite data privacy as a potential deal breaker for adopting cloud services. And only 36% of businesses think their data is as or more secure in the cloud than their current on premises solution.

Most data security and privacy concerns revolve around four general scenarios:

  1. Hackers compromising data center servers that contain customer or proprietary information.
  2. Hackers “sniffing” improperly secured network traffic.
  3. Data center employees accessing (and possibly sharing) confidential information, especially within a corporate espionage or financial cyber crime context.
  4. Employees losing improperly secured laptops or mobile devices with saved credentials for accessing cloud services.

Thankfully, simple and relatively inexpensive solutions exist for all of these concerns.

Local Data Encryption: Most cloud storage services offer end-to-end data encryption as a standard feature. Unfortunately, relying on a storage provider’s encryption could still leaves data vulnerable to data center employees or hackers who directly compromise the data center’s servers. The simplest method for cloud storage customers to ensure data security is locally encrypting files before uploading them to the cloud. Programs like BoxCryptor allow one-click encryption of individual files or folders.

Encrypted Backup Services: For customers who rely on the cloud for automated backup (without the hassle of individually encrypting files) a third party backup tool can provide an additional layer of security. For example, Duplicati will locally pre-encrypt all designated files using a single user-provided encryption key before automatically archiving and uploading data to a cloud storage provider of the customer’s choice.

Email Encryption: Companies that share confidential information via email should seriously consider PGP for Outlook or GnuPG for Thunderbird. These products encrypt individual email messages using 256-bit AES encryption. Users who prefer webmail can also use FireGPG for Mozilla Firefox to encrypt their email. Email messages encrypted with PGP or GnuPG require that message recipients know the sender’s unique encryption key to decrypt and read the contents of a message.

Third Party Services and Appliances: An entire industry has sprung up around data security in the cloud. Porticor is an example of one such company. The Israeli startup combines a virtual cloud appliance and key management service to securely encrypt data stored in the cloud for Microsoft and VMware cloud applications. Porticor enables companies to run applications in the cloud while keeping their data encrypted.

A number of third party apps, such as Lookout Mobile Security, also exist for locking or wiping mobile devices that may contain saved credentials for cloud services.

HTTPS vs. HTTP Web Services: Many websites offer both HTTP and HTTPS versions of their apps. HTTPS combines the standard HTTP web protocol with the SSL/TLS encryption protocol to provide secure end-to-end data transfer over the Internet. Users concerned with data security should select services which offer the much more secure HTTPS protocol.

When properly deployed, most of these solutions are all but foolproof, but they do require both employee training and commitment. For such security measures to be effective, businesses must invest time and effort into communicating the importance of data security and reinforcing standard security routines.

By Joseph Walker

(Disclaimer: CloudTweaks publishes news and opinion articles from different contributors. All views and opinions in these articles belong entirely to our contributors. They do not reflect or represent in any way the personal or professional opinions of CloudTweaks.com or those of its staff.)

Tagged as: backup service, backup services, backup tool, Cloud Application, Cloud applications, Cloud Computing, cloud services, confidential information, corporate espionage, data encryption, data security, encryption protocol, HTTP web protocol, Local Data Encryption, Microsoft, mobile devices, mobile security, one-click encryption, privacy concerns, recent small business cloud computing survey, secure HTTPS protocol, security measures, storage provider, storage service, storage services, the cloud, vmware

.

This post has been provided by who has generated 1427 posts on CloudTweaks.

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. We are proud to offer contributions by our own writers as well as authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...

1 comments
  Livefyre
Newest | Oldest
sarojkar
sarojkar

Cloud providers have controls and can help with encryption and authentication, but businesses have to select the right security controls. According to a new report by IDC (http://bit.ly/KTgheN), SMBs spending on data security technologies will exceed $5.6 billion in 2015. Endpoint, messaging, network, Web, identity and access management (IAM), and security and vulnerability management (SVM) are six areas that SMBs will invest more in terms of security. Data privacy, security and reliability are important to a company's success - another report from Intermedia (http://mwne.ws/JE1Fjl) suggests.