I have been working with cloud technologies for more than six years now as a user, an adviser, a public speaker and a reseller. In that time, the cloud has become compelling, with prices dropping significantly as more people adopt the technology.
Despite this, I am always asked: “Is the cloud secure enough?” Today, my answer is that large cloud service providers (CSPs) work very hard on protecting your data and probably do it better than your business does.
There remains, however, the issue of governance and privacy, or what is referred to as control of the data – the ability to dictate who can see and read the data, to control access to archived and backed-up versions and to stop others reading it on the server or in transit.
The CSPs cannot guarantee that your data. By this I mean that there are too many scenarios where your data can get into someone else’s hands. As with data sitting on your own servers in-house, your data in the cloud could be accessed by hackers. The other angle is that the cloud provider may have reason to look at it or to reveal it to a government authority.
There is already a court order in the US for Microsoft to reveal to the courts data stored in Ireland. This will be held up in appeal for a while, but it is too late for the organisation involved to conceal the data.
Encryption solution
A solution to this problem exists, in the form of an encryption gateway. While it is possible for each person to encrypt the data at their PC, this is cumbersome and tends to break product features such as indexing and searching. A gateway at the edge of your private network or LAN can encrypt data as it heads for the cloud, providing data control for the organisation without end users doing anything.
For organisations with strict governance in place, lack of data control has taken cloud computing – or more specifically, Software as a Service (SaaS) – off the table, For credit card information, PCI rules would prevent this sort of use. For some firms, it is privacy legislation; for others that are less constrained and more progressive, cloud may already be in place.
With an encryption gateway, these constrained organisations can now take advantage of the low-cost solutions offered by SaaS and remain compliant. Early adopters of cloud solutions can add encryption to reduce the risk to which they are already exposed and become compliant again.
If the cloud software you are looking at is Microsoft-based, then New York-based Vaultive (vaultive.com) offers a great encryption gateway. The R&D for this product has been done out of Israel since 2009, when they perceived the problem and started working on the solution.
A disclaimer here; the ability to seamlessly encrypt data in the Microsoft cloud seemed so compelling to me that my company, Combo, has set up the local operations of Vaultive. (I am now managing director of Vaultive Australia)
Here’s how Vaultive works. Its gateway sits at the edge of an organisation’s network and applies 256-bit encryption to all data travelling to key Microsoft platforms – Office 365, Yammer. OneDrive, SharePoint, Dynamics Online and others. The result is that data is perpetually encrypted in use, in transit and at rest. Data destruction, even of backed-up data, is now just a matter of removing the encryption keys that the data was encrypted with.
For other SaaS providers, there are other solutions that are worth finding and researching (see box opposite) if this level of data control is important to your organisation.
The gatekeepers:
. Boxcryptor (for Dropbox, Google Drive, Microsoft OneDrive etc) – boxcryptor.com. CipherCloud (for Office 365, Google Drive, Salesforce, Box, Amazon Web Services) – ciphercloud.com
. Perspecsys (for selected cloud apps, including Oracle, Amazon Web Services and Salesforce) – perspecsys.com
. Vaultive (for Offic 365, Yammer, Microsoft OneDrive, SharePoint, Dynamics etc) – vaultive.com
