Data storage and security in the cloud

With cloud computing continuing its journey as arguably the dominant technology of the current era, so too the way we use it and manage its capabilities continue to evolve. The cloud has given us new ways to think about lots of traditional IT habits and practices, and as more and more data finds its way into the cloud, this extends to subjects like business continuity, disaster recovery and general data security.

Conventional data storage and business continuity wisdom always revolved around having safety net systems in place in an offsite location, there to provide essential backup in the event of unforeseen emergencies. The offsite physical systems – basically server farms – would pick up the load and keep an organisation’s processes and operations flowing with the minimum of disruption.

Today the cloud offers a more flexible alternative, giving organisations virtual backup locations that are remote, safer than physical locations (which are often not sufficiently far from primary sites to be considered truly secure), and significantly, the ability to access all that data from absolutely anywhere.

Big data needs big storage

The fact is that with so much data being generated by so many organisations and users, storage and security simply have to become critical business issues. Ninety per cent of the total data in the world today has been created in the past two years, and 2014 and beyond will see us generating exponentially larger levels of data. The government of Australia has put its Public Service Big Data Strategy in place, and 62 per cent of organisations throughout Australia and New Zealand now say that they have implemented a big data strategy.

Traditional IT and telecommunication providers has committed billions of dollars of investments to expanding their global cloud data centre operations, further evidence of the value organisations are seeing in leasing storage, backup and other services from specialist third-party providers.

The security need

So with more data comes greater threat of attack and greater need for security. In recent times, large-scale hacks like that experienced by a large retail chain in the USA – where data belonging to more than 70 million customers was lost – and the loss of around 3 million customers’ data from a well-known IT organisation have underlined how essential data security has become as a business issue.

Recent research estimated that global cyber crime now costs around $400 billion per year, a frankly enormous figure. Australians were hit for around A$1.4 billion in fraud in 2012, including credit card and online transactions. These breaches prompted the Australian government to act, with new privacy legislation on its way in, something that seems like a logical move as more and more data is stored in the cloud.

The shift that the cloud has made from being a ‘new technology’ to simply being something that people use as second nature has meant a change in the way hackers approach security breaches. As the technology evolves, so do the tools with which malicious third parties attempt to attack it. Social media attacks and account hacks are now more commonplace than ever, with 2013 seeing major strikes on global “brand” organisations.

With security breaches and hacking techniques becoming ever more sophisticated, cloud security measures need to be beefed up and organisations increasingly vigilant. The perimeters that we need to protect have changed beyond recognition, meaning organisations need to adapt. We’re no longer talking about protecting a circle of wagons at ground level, within the corporate network – we’re talking about a much bigger, wider world which carries more threats than ever.

The financial imperative

As with many disruptive technologies, cloud-based storage has cost implications. And like many technological advancements of recent times, it’s also about OPEX versus CAPEX. Cloud storage offers cost and set up benefits to organisations, since it is faster and easier to put in place and bring online and simply less expensive to operate. And with IT budgets shrinking but the same levels of performance and reliability still required, OPEX will continue to grow in popularity.

The cloud, and its lack of need for organisations to have expensive, dedicated technology sitting in physical locations, brings significant cost implications. The shared environment nature of the cloud means that initial investment, CAPEX, can be hugely reduced while the most cost-effective, continuous model, OPEX, can be employed. OPEX also offers organisations greater flexibility, letting them scale up or scale down their cloud security requirements as they need – something that is important as operational locations change, workforces grow or shrink and mobile devices continue to proliferate in the work environment.

The Asia Pacific region has recently become the world’s leading cyber-attack target. One reason is that the region has three of the world’s top five patent offices carrying 45 per cent of worldwide patents filed, meaning that information on prototypes and advanced stage products is held in databases here – valuable data that needs serious protection.

How can we make the cloud more secure?

By working together, organisations and cloud service partners can look to mitigate the risks involved with data storage within the cloud. Making it clear from the start about who in the relationship bears responsibility for data security is a good place to begin, since there are now more devices than ever with access to sensitive data. The long-held view of security as building walls around data to keep the bad guys out no longer applies, since so many of today’s data breaches are caused by insiders – more often than not staff members, acting either by accident or sometimes maliciously.

High level encryption tools are also essential, as is establishing policy which monitors and restricts third-party access. Real-time monitoring of cloud data can help to flag up potential attacks and provide early warnings against intrusions. By employing a structured approach to working with their cloud providers, organisations can enjoy an ongoing, mutually beneficial dialogue which keeps their data as safe as possible while enjoying all the convenience and benefits of the cloud. The cost to industry of cyber crime in 2013 rose by 78 per cent and the time needed to resolve attacks more than doubled – making cloud security a higher business priority now more than ever.

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gordon Makryllos

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place