A “secure cloud” is not an oxymoron

I am afraid.

Those three words sum up how I’ve felt about using the cloud for my personal and work related data.

I’ve yet to take the leap of storing my iPhone photos in the cloud because, well, what if they disappear? What if the server they are stored on crashes – after all, the mysterious “cloud” is just a server in some building someplace. Or worse, what about that large paper for work that I was working on suddenly disappears or the file is somehow corrupted? What if I can’t access it when I want to from a location besides my home or business office?

What about power outages or a physical breech of the premises? Or even via the network?

More than dog photos need to be kept secure

While I doubt many people want to steal photos of my designer dog sitting pretty – although he is awfully cute – I don’t want anyone to have access to my financial data or work materials related to our products and intellectual property. So, my concerns about security are real.

Recently at work, we started to use a cloud solution to back up our personal laptops. That was the turning point for me in terms of how easy it is to use, from an end-user’s perspective. BUT, it still left questions about privacy as well as data, access and transmission security. All the intangibles from my view – the end-user’s perspective.

So, what would get me to trust and use a cloud solution?

Cloud security and privacy must be by design
To have a secure cloud solution, the situations I outlined above need to be addressed. There needs to be built-in duplicate disaster recovery capabilities, physical protection of the data center, secured end-to-end data transmission, secured storage, and access controls.

The technology to deliver that security would have to have strong encryption, authentication and access controls.

Data security’s four components
The reality is, if no one ever has access to the data and it’s never transmitted across a network, there isn’t a security issue. However, there is a huge demand for access to information from anywhere, anytime, and over any device. The cloud is a solution that can deliver what’s needed and desired. But providers must address these four components if cloud use is going to be secure.

1. Availability

Data that is kept secure from access by the wrong parties still needs to be accessible by the owner. A solid cloud security solution provides network infrastructure control that allows those with authority continuous access to their data.

2. Integrity

A secure cloud solution ensures that the collected data is maintained in its original state and has not been intentionally or accidentally altered.

3. Confidentiality

The cloud solution must make confidentiality a principle central to all processes and systems. It should only allow authorized entities and people to have access to the stored information.

4. Traceability

The last, and probably not the first one to come to mind, is traceability. A secure cloud solution provides the means to trace transactions and communications to ensure they are genuine and are labeled by time and origin.

Cloud controls
Of course, those four components are the issues a cloud provider is concerned with related to handling the data itself. In addition, controls need to be implemented for guarding:

  • Physical access
  • System access
  • Data access
  • Data transmission
  • Data input

A secure cloud network also provides incident management by using the latest antivirus software at all access points and workstations.

As you can tell, this is just a basic checklist of things you want in a cloud solution. For more details, check out this Alcatel-Lucent Enterprise Campus Network on Demand Service paper to see how you might enjoy the benefits of a cloud solution.

Although I have yet to use the cloud for my photos, I’m pretty confident that if a cloud provider addresses the above concerns and puts into place these safeguards, I would be willing to take the leap and use it as a way to safely store my precious photos. And, I wouldn’t worry about the security of my intellectual property for work!

 

About the author