With the recent release of OS X 10.8 and the impending release of Microsoft’s Windows 8, companies are set to see a dramatic increase in cloud systems that tie directly into the operating system. While cloud systems have many benefits, including lower costs, the main issue most companies focus on is security. Recent news and events have shown that the cloud may not be as secure as you might have thought.
In this year alone, nearly every major cloud provider has had issues with their services. From natural disasters to hackers, companies have seen their data exposed or unavailable, and this isn’t the first time this has happened. In 2011, Sony Entertainment had nearly 77 million accounts hacked, exposing user’s information, Dropbox had numerous service outages, and Gmail had a 30 hour outage that resulted in 44,000 accounts being lost. The list goes on and issues since 2011 go to show that cloud providers and their systems aren’t invulnerable.
Despite numerous attacks and problems, many data centers where cloud providers have their servers are physically secure. Google’s recent security video is a good example of how secure the physical locations are.
When companies talk about cloud security however, they don’t just talk about how secure their physical location is, they also strive to protect against three other elements:
- Service outages
- Confidentiality of your personal information and control over who can access it
- Privacy of banking details and other related information
If your company utilizes cloud services there are a number of things you need to be aware of when it comes to security:
- According to all cloud providers, liability for sensitive data stored in the cloud rests with your company, not the provider.
- Some cloud vendors provide reports written by a neutral third party on the security of their service. These should be taken into account when looking for a provider.
- As with anything online, you should be taking steps to backup data stored in one cloud to a secure physical location.
- You should establish a process that encourages your employees to change their passwords at least every three months.