What is important for data security in the cloud (with related video)
GPN reached out to Jeff Denworth, senior vice president of marketing at CTERA. The New York-based company provides a cloud storage services platform. Here are the views of Jeff Denworth.
GPN: How does the cloud tie into data security in government?
Jeff Denworth: The cloud (or cloud technologies and services to be more precise) is not inherently less secure than any other technology or infrastructure, but it does require that certain measures be taken, especially in the case of cloud services that are hosted and run outside the government organization.
Rather than entrust data to multi-tenant public clouds, government organizations should use infrastructure that is “cordoned off” specifically for their use, a concept known as a “virtual private cloud” or VPC. This ensures that strict security measures and compliance guidelines are followed across all aspects — from datacenter operations and physical access controls, to network security, to data and application security.
GPN: What cloud applications in local and state governments are most vulnerable?
JD: Cyber-attacks and data leakage have become more sophisticated over the years, and today it is possible that a small vulnerability in a relatively benign application will open the door to major data breaches in other applications. Any applications open to the public via the web are probably the most obvious entry points.
GPN: Do you have any advice for local government officials on data security as they implement an IT setup that includes a cloud component?
JD: Think of data security in the larger context of data governance and privacy. Security isn’t just about preventing attacks; it’s about data not reaching unauthorized users regardless of how it got there. For example, many employees may use unsanctioned file sync and share solutions to send sensitive files to each other or across their own devices. For the organization, this is unacceptable, because it has no way of tracking those files and enforcing any kind of policy.
Government agencies should have policies on data sharing and should offer employees secure alternatives, based on their private or virtual private clouds, that make it easy to share files in the same manner. The alternatives should include security measures like encryption, password protection, cloud sync policies and a full audit trail.
Encryption in particular is crucial — data encryption should be source-based, i.e., be performed on the endpoint before the data goes out to the cloud. The sharing alternative should give the organization sole and full control over the encryption keys. This is the only way to ensure that even the cloud provider’s administrators cannot access the data.
GPN: What is important, from a cloud/data security standpoint, that governments need to focus on?
JD: Understand that even if your data is stored in someone else’s datacenter, the responsibility for protecting your data lies only with you. Take the necessary measures to understand security controls implemented by your provider, and ensure that your data is encrypted at the source and that you have sole ownership and control of the encryption keys.
Thank you, Jeff Denworth, for your views.
CTERA’s offerings bridge the gap between cloud storage and local storage. According to the company, the firm’s products provide optimized performance and end-to-end security. CTERA’s solutions accelerate deployment of cloud services and eliminate the costs associated with file servers, backup servers and tape drives.
The video offers a one-minute overview of CTERA’s Cloud Storage Gateway appliances. Use the products for branch office and remote office storage modernization, backup and disaster recovery.