PODCAST: Leveraging cloud services doesn’t absolve companies of security responsibilities

By Byron Acohido

When Globalscape got started more than 20 years ago, the internet was in its infancy and the obstacles to making it reliable for commerce were obvious and comparatively simple.

Back then, organizations needed a way to securely transfer files up into this thing called the World Wide Web. So Globalscape pioneered a personal file sharing tool, called CuteFTP, and developed that service into a global business helping 13,000 companies in 150 countries routinely carry out secure data transfers.

I visited with Gregory Hoffer, vice president of engineering at Globalscape, to discuss how the fundamental challenge of reliably and securely moving data within a company and across the internet hasn’t changed all that much. What has changed, of course, are the layers of complexity introduced by the now pervasive use of cloud processing and storage services like Amazon EC2, Google Cloud and Microsoft Azure. A few takeaways:

Blessing or curse? Renting processing power and cloud storage from Amazon or Google or Microsoft has become routine. Cloud services are highly reliable and terrifically functional. But they raise a host of security issues: Who else might have access to a company’s cloud-stored data? Who, exactly, gets to keep copies? Should everything sent into the cloud be encrypted? Who needs to be responsible for encryption and, more crucially, key management? These are some of the potential curses—issues that can heighten risk.

Getting a handle on risk. Any company thinking about using a public cloud service should first go through an exercise of assigning gradients of risk to the types of data earmarked for the cloud, Hoffer says. For a hospital, payroll data is less risky than patient data, for instance.

Only then can a company expect to make wise choices.

“There’s a lot of rich infrastructure components that are slightly more technically challenging—key management, data-at-rest encryption, et cetera,” Hoffer says. “You’ll need to take those into account and be aware that they exist, but it really comes down to using them appropriately to maintain the highest levels of security.”

Consumers may be a wild card. Should consumers care about how a company uses cloud services to handle personal data? Yes! Whether it’s a hospital stay or an Uber ride to the movies, consumers’ behavioral pattern data is being collected at an unprecedented level, and much of it is being stored in the public cloud. Cyber criminals are aware of this, and so are government surveillance agencies. And they are not just sitting on their hands.

It is not only fair, but smart, for consumers to begin to demand that private industry and the government establish a societal standard for safe storage of personal and behavior data in the cloud. “Society, and industry, needs to really pursue what are the right regulations, what are the right licenses and user policies, and what remediation needs to be in place,” Hoffer says. “This is an area where we’re still learning how to cope. Consumers should certainly expect a certain level of privacy and security. But always check to make sure that you’re not relinquishing information you don’t want to; check data security standards and make sure you buy only from reputable vendors.”

For a deeper drill down, please listen to the accompanying podcast.

(Editor’s note: This article originally appeared on ThirdCertainty.com.)
