Explosive growth in unstructured data is driving enterprises toward cloud storage to reduce their fully-burdened storage cost.
MarketsandMarkets’ recent report estimated the worldwide cloud security market to be worth nearly $9 billion in 2019, up from $4.2 billion in 2014.
Interestingly, 50% of respondents from the Cloud Security Alliance said storage was their organization’s most risky cloud application (see report here).
And a May Storage magazine survey on cloud revealed security as the top cloud storage concern.
A harsh reality
Executives realize data breaches are on the rise. At the same time IT leaders know they need a cloud storage strategy. Meanwhile, defensible deletion is a nice idea that the fading records management community likes to talk about, but let’s face it: the practice is rare.
And even if your organization is deleting some of its data the amounts deleted likely aren’t enough to make a dent against the typical 40-60% compound annual growth rate. (Consider that such a growth rate means your data volumes are doubling in size every three years!)
The reality is we have no choice but to find a more economical way of storing our data. And the cloud, particularly public cloud, offers us the best financial model. But what about security?
Is the cloud secure?
Is the cloud more or less secure than your on-premise data storage infrastructure? I believe this to be a loaded question. I’ve seen many organizations’ IT and security practices make cloud storage look like security bliss.
On the flip side, as we’ve built out HubStor, particularly the connector architecture for securely getting on-prem data to the cloud, we’ve encountered several decision points in the design and development of the software where shortcuts or the easy approach would have introduced vulnerabilities. What’s frightening is that some of these “easy approaches” are common practice.
Cloud storage security considerations
Cloud storage security has many factors. Your end-users play a major role, obviously. But here are some considerations, beyond the usual security practices, that we hope help as you deliberate over your cloud storage security needs:
- Keys to the kingdom – This is sort of Security 101, but pay close attention to how your apps handle access to your cloud storage containers (e.g. API credentials to your cloud storage being stored by the application).
- PII detection – We often hear that certain data needs to remain on-prem, but the reality is that it isn’t enough to filter before you send (although that’s a good practice). A cloud storage solution should have built-in PII detection and tagging so that you can know at any time what sensitive data you have in the cloud.
- Access and sharing – You need to be able to monitor access rights and sharing, both internal and external, to have a complete picture of what data can be accessed by whom (and vice versa). And an access governance capability that enables privileged users to revoke and manage access is ideal too.
- Activity intelligence – You should know what’s happening with your data stored in the cloud. Automated reporting and alerts are essential.
- Data leak prevention controls – Cloud Access Security Brokers (CASBs) are a hot technology, but ideally your cloud storage has native DLP that you can leverage to animate your security and compliance policies. Tying together PII detection, tagging, access governance and the underlying activity intelligence, you should be able to define alerting and blocking policies. For instance, sensitive data shouldn’t be shared with external users. Block the sharing and get the alert.
Cloud storage security is something we’ll be talking much more about in future posts.