I just found an interesting article about securing your data in the cloud. Now that cloud computing has gained quite a number of followers, it is worth understanding the additional steps needed to ensure your confidential data is secured in a cloud computing environment.
The original article can be found here.
Storing data in the cloud is arguably the most important aspect of public cloud resources, but it is rarely treated as such. Two practical steps to take when securing cloud data are:
- Protect your data in a real-world environment.
- Meet compliance requirements.
What are the issues?
There are two primary issues that we have to deal with when talking about data security in a public cloud:
- Protection of the data: Dealing with the confidentiality, integrity, and availability (CIA) criteria. Answering the important questions, such as, “What is the risk to the data? Are the controls in place adequate to mitigate the risk?”
- Location of the data: Dealing with the physical location of the “bits” and answering questions like, “Do I know where the data resides? Does this violate any of my compliance requirements?”
Location is often doubly important because we do not think about it; it may easily slip by unnoticed and have a significant impact if a data loss ever occurs.
An example is the conflict between the U.S. Patriot Act and Canadian laws on the privacy of certain personal information. The U.S. government says that if there is a compelling reason, it is able to see data in its jurisdiction. Canadian laws say that the data of certain Canadian citizens is protected and cannot be disclosed. If you handle Canadian data (i.e., data that is protected), then you had better be sure it is not physically located on systems in the U.S. Note that this is something providers will need to ensure via contracts.