Q

How can cloud providers offer sensitive data protection?

Cloud expert Mooney Sherman offers tips on how to evaluate various security architectures to provide optimal sensitive data protection in the cloud.

How can cloud providers offer sensitive data protection in a cloud environment? Is there a way to ensure that highly sensitive data, such as Social Security numbers, will be safe in the cloud?

Not all data is suitable to be, or should be, stored in the cloud. Risk assessment and analysis is also required. In my opinion, the stakes are too high for sensitive data to reside in the cloud, even if the data is encrypted. One exception is when a private cloud is being used on a customer's premises.

Security, privacy and compliance become a shared contractual responsibility between the cloud provider and the customer, but, ultimately, it is the customer that is liable. Like warranties, a cloud provider's liabilities are limited. It's important to remember that once sensitive data is placed in the cloud, the organization no longer has full control.

Various schematics and techniques can be used to minimize the risk of unauthorized access and sharing, but it is well accepted that 80% of data theft and fraud occur internally -- so why should this be any different in a cloud provider's organization? In reality, it may not be that high, depending upon the customer's deployment and extent of control.

Increasing numbers of cybercriminals will shift their attacks to cloud providers, since the payload of sensitive data from multiple organizations is huge. Once a hacker manages to penetrate the perimeter of the provider, all organizations become fair game.

To provide security in depth, cloud providers will need to consider and evaluate various security architectures by performing the following:

  • Disk encryption versus data encryption
  • Vigilant monitoring of their infrastructure and its employees
  • Configuration of all systems to delete temporary files and encryption keys upon ending the session
  • Careful management of system snapshots taken by system administrators, under strict policies and procedures, and prompt destruction of those snapshots as soon as their purpose is fulfilled
  • Provisioning the ability to detect rogue virtual machines
  • Ensuring that privacy and compliance requirements of a customer are not breached
  • Conducting regular internal and external vulnerability assessment and analysis
  • Conducting audits daily, since the network is dynamic

Note: The above tips are not meant to be comprehensive.
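An added example, not part of the original answer: a daily audit pass covering two of the items above, rogue virtual machine detection and snapshot destruction. The inventory records, field names, ticket IDs and the 72-hour age limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; field names and IDs are hypothetical.
APPROVED_VMS = {"vm-web-01", "vm-db-01", "vm-batch-01"}   # provisioning records
RUNNING_VMS = [                                            # what the hypervisors report
    {"id": "vm-web-01", "host": "hv-a"},
    {"id": "vm-db-01", "host": "hv-b"},
    {"id": "vm-tmp-77", "host": "hv-b"},                   # never provisioned
]
SNAPSHOTS = [
    {"id": "snap-1", "taken": "2013-03-01T09:00:00+00:00",
     "ticket": "CHG-1001", "ticket_closed": True},
    {"id": "snap-2", "taken": "2013-03-01T08:00:00+00:00",
     "ticket": "CHG-1002", "ticket_closed": False},
    {"id": "snap-3", "taken": "2013-03-04T10:00:00+00:00",
     "ticket": None, "ticket_closed": False},
    {"id": "snap-4", "taken": "2013-03-05T09:00:00+00:00",
     "ticket": "CHG-1003", "ticket_closed": False},
]
MAX_SNAPSHOT_AGE = timedelta(hours=72)                     # assumed policy limit
AUDIT_TIME = datetime(2013, 3, 5, 12, 0, tzinfo=timezone.utc)

def find_rogue_vms(running, approved):
    """VMs reported by a hypervisor that have no provisioning record."""
    return sorted(vm["id"] for vm in running if vm["id"] not in approved)

def audit_snapshots(snapshots, now, max_age):
    """Return (snapshot id, reason) for every snapshot that should not still exist."""
    findings = []
    for snap in snapshots:
        age = now - datetime.fromisoformat(snap["taken"])
        if snap["ticket"] is None:
            findings.append((snap["id"], "no change ticket"))
        elif snap["ticket_closed"]:
            findings.append((snap["id"], "purpose fulfilled, not destroyed"))
        elif age > max_age:
            findings.append((snap["id"], "exceeds maximum age"))
    return findings

if __name__ == "__main__":
    for vm_id in find_rogue_vms(RUNNING_VMS, APPROVED_VMS):
        print("ROGUE VM:", vm_id)
    for snap_id, reason in audit_snapshots(SNAPSHOTS, AUDIT_TIME, MAX_SNAPSHOT_AGE):
        print("SNAPSHOT:", snap_id, "-", reason)
```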

This was last published in March 2013
