Cloud computing can free up IT staff time by moving some of the more time-intensive services to a cloud environment. No longer will IT personnel be responsible for maintaining, troubleshooting, testing and upgrading any resources that are migrated to the cloud. They may finally have time to work on those back-burner projects that never seem to get done, not to mention take that vacation time they’ve been building up since 2005.
As much as the cloud offers freedom for collaboration and time management savings for personnel, your IT staff members have an important role to play regarding the security of cloud hosting. The enterprise host offers some security measures. Data stored offsite may be more physically secure than data on an office server; enterprise hosting also offers backups, redundancy and mirroring to protect your data. While this offers great potential for physical hosting and archiving of data, cloud storage isn’t perfect. One area where cloud hosts need to do more–and thus where IT staff can help out–is security, as evidenced by recent security breaches.
In 2011, cloud storage provider Dropbox accidentally turned off user passwords. For a period of four hours–before the security breach was fixed–anyone could access any Dropbox files or folders by typing anything in the password text box. There were no safeguards protecting data. The breach happened when Dropbox tried to fix website code, but accidentally created a flaw in the authentication that turned off the passwords. While Dropbox fixed the problem within five minutes of discovering it and notified users whose accounts had been logged into during that time period, the event still raises a red flag for enterprise hosting and cloud providers. Dropbox posted about the incident on its blog and did not notify users whose accounts it thought weren’t compromised.
The Dropbox gaffe could have been avoided had the faulty code been tested after implementation, or had proper alerts been in place. Since any sequence of numbers or letters unlocked the data, real users had no way of knowing about the security breach. Both the correct password and a hacker’s guess of 1234pw would access the data. Dropbox apologized and seemed to fix the immediate problem fairly quickly, but the larger issue still remains: when your data’s out of your hands, you deserve the utmost security to protect that data. Additionally, some users were so upset they sued the company, claiming they weren’t notified by Dropbox and had to find out about the breach through the news.
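The kind of post-deployment test and alert described above can be sketched as a canary login check. This is an added example, not code from the original article or from Dropbox; the store classes, the canary account and its password are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # constructed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """Constructed in-memory user store standing in for a real login service."""
    def __init__(self):
        self._users = {}

    def add(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, hash_password(password, salt))

    def login(self, user, password):
        # Correct behaviour: constant-time comparison against the stored hash.
        if user not in self._users:
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

class RegressedStore(AccountStore):
    """Constructed regression: a bad deploy skips the password comparison."""
    def login(self, user, password):
        return user in self._users

def auth_canary(login, user, real_password):
    """Probe a dedicated canary account; return the expectations that failed.

    An empty list means healthy. Run it after every deploy and on a timer,
    and page someone whenever the list is non-empty.
    """
    probes = [
        ("correct password accepted", real_password, True),
        ("empty password rejected", "", False),
        ("random password rejected", secrets.token_urlsafe(16), False),
        ("near-miss password rejected", real_password + "x", False),
    ]
    return [name for name, pw, expected in probes if login(user, pw) != expected]

def make_store(cls):
    store = cls()
    store.add("canary@example.test", "constructed-canary-secret")
    return store

if __name__ == "__main__":
    for cls in (AccountStore, RegressedStore):
        failed = auth_canary(make_store(cls).login, "canary@example.test", "constructed-canary-secret")
        print(cls.__name__, "ALERT: " + ", ".join(failed) if failed else "ok")
```

A test that only confirms the correct password works would pass against the regressed store, so the negative probes are what catch this class of failure.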
Additionally, no standards exist at present that address enterprise hosting. What one provider offers may be very different from the services provided by another. Unless someone in your organization does deep digging on cloud services, they may not have dependable answers on the level of service provided, service security and what really happens in the far-off server where your data is now hosted. Standards can protect the end user by developing a minimum acceptable platform for security, data storage, authentication and the like.
Because there aren’t many regulations, many cloud providers have a page on their site that explains data center security. Enterprise hosting company Rackspace, for example, lets customers (and potential customers) know their security measures on their datacenters page. They do extensive background checks on all employees, and they use keycard protocols backed up with biometric scanning and surveillance monitoring to prevent unauthorized data access. In addition to that, they also have plans in place for HVAC failures, fire suppression, power outages, and even extended power failures. When you’re choosing a hosting company, you’ll want to make sure your data is completely protected, even in the worst of circumstances.