Cloud computing has been around since about 2006, when Amazon and Google began to use the term in widespread campaigns. In that time, it has grown in popularity to the point that 3.6 billion users now use this format.
In fact, 97% of all organizations, both public and private, use cloud services and 83% of those use the cloud to store sensitive data. The reality that so many use the service to save sensitive data has many people concerned, especially when it comes to security.
Who is responsible for maintaining the integrity of these files and preventing them from being hacked? With that in mind, let’s examine what is involved in cloud security.
Responsibility
Contrary to what a lot of people may think, the security of the data stored on a cloud platform is not wholly the responsibility of the service provider. Instead, it’s the owner of the data who is ultimately responsible for what is stored in the cloud and for keeping it secure.
Companies or organizations need to carefully review the contracts with the cloud service provider to ensure they fully understand what they’re getting into when they sign up for the service. Specifically, they need to verify that the company maintains ownership of data stored in the cloud and they can retrieve this data should they wish to terminate the cloud agreement. Furthermore, the contract should specify the minimum levels of security provided by the cloud provider as well as what will be done to rectify the situation if those levels are not maintained.
Types of Cloud Servers
There are a variety of different cloud servers and the levels of security vary depending on what type is chosen. These include:
- FedRAMP—The Federal Risk and Authorization Management Program, also known as FedRAMP, gives a “standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” This is a certification level confirming that the provider has met the standards for security that the federal government requires for its cloud services. However, special options such as encryption do often come at a higher price.
- Public Cloud—This is probably the most common format for cloud storage. Each company that offers cloud storage should have significant firewalls and other security protocols that ensure that the data is protected from hacks or breaches. The public cloud companies, including Amazon, Google, Windows, Sun Cloud, and IBM, employ some of the top experts in their fields to provide security for your data. However, because they are “name brands” and large companies with high volumes of data, they are high-profile targets for hackers hoping to earn a name for themselves.
- Private Cloud—If a company has the funding to support a private cloud, it can be a good long-term choice. Once you get the system up and running and the start-up costs out of the way, the systems can run very smoothly and with less interference from hackers since they may not see the company as a major target. Here, it will be your company’s responsibility to employ your own security experts to secure your files. The advantage to this is that you obviously won’t have to worry about leaving your security to the mercy of someone else. The disadvantage is that it will cost substantially more to employ such a security expert (or experts).
Understanding the legal responsibilities of cloud storage can be a complex undertaking. For example, the cloud server may be located in one jurisdiction, while the person the data is about might be in another jurisdiction.
Ultimately, it’s the responsibility of the person storing data to protect their passwords and approved access points to prevent hackers from gaining access to this data. Cloud providers often have language inserted into their contracts to protect themselves from liability in the event that the provider is hacked. The responsibility lies with the person entering into the contract to understand this and take measures to protect their files.