Security Threats in the Cloud

While many organisations are using cloud based file data and email management services provided by external organisations, a number of other organisations are reluctant to do so because of their concerns regarding data security. These concerns relate to data being accessed whether in transit between the cloud vendor and the client or when it is static within the cloud. Here we look at some of these concerns and suggest that they can all be addressed by the proper use of cloud email and file data encryption.

The first concern is that if the number of locations where sensitive data is stored is increased, then the risk of it being accessed by unauthorised personnel and outsiders is increased. When data is held in the cloud there is frequent replication and relocations, for instance when moving it to new updated storage faculties. There is also a danger of data being accessed from old equipment after is has been disposed with. However it is easy to mitigate these risks by simply encrypting the data before is placed in the cloud.

This still leaves the second concern which is the risk of unauthorised access by the personnel of the cloud vendor. Although there is always the possibility of in-house personal falling victim to coercion or bribery, on the face of it this would seem to be less likely in a small team of people than with the often ‘faceless’ staff working for the cloud vendor. However again this perceived risk is mitigated by the client retaining the encryption keys which means that the cloud provider does not access the actual content of the emails and files.

The third perceived risk involves the use of wide area networks that connect local area networks and storage area networks. There is always the theoretical possibility of one company’s data being accessed by another company. This might occur due to an equipment malfunction; a software error; human error; and through criminal intent; however again this risk disappears if all static data is encrypted.

There are also concerns about the safety of data should anything happen to cloud vendor. Companies do not necessarily exist for ever; for instance there is a possibility that the vendor could be bankrupted; move into different and for them more important business areas; be bought or taken over by another organisation; be subject to changes in local jurisdiction as the result of a war or a coup; or suffer a physical catastrophe such as an earthquake. In such circumstances encryption will keep the data away from prying eyes, and keep it safe while it is migrated to an alternative vendor. However there is always the danger that the data won’t be deleted from its original source as required which could leave the client in risk of failing to comply with legal retention and deletion requirements.

Many cloud vendors have addressed all of these concerns; for instance please refer to the Mimecast website for further information on how client data is protected and remains one hundred percent secure even in the event of catastrophe. All organisations which are considering cloud based email and file data management are advised to apply due diligence to their intended vendor in order to lay rest to any residual security concerns they may have.

Leave a Comment