Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Latest News
    • Blogs
    • Storage Station

    Nasuni CEO’s Five Ways to Address Cloud Storage Security

    Written by

    Chris Preimesberger
    Published June 16, 2010
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Cloud-based data storage certainly isn’t perfected, although it’s working very well for a great many enterprises. There’s a lot of competition cropping up these days, and providers are elbowing each other in an effort to grab attention from potential customers, but don’t be misled by claims that your data is always perfectly safe at all times.

      At the IDG-IDC Cloud Leadership Conference in Santa Clara, Calif., on June 14 and 15, a snapshot poll of attendees was taken about some important issues. It didn’t surprise anybody that security concerns were recorded as by far the No. 1 deterrent for enterprises thinking of — but not acting on — making the jump to cloud services.

      Although cloud storage includes inherent vulnerabilities, they need not prevent a business user from taking advantage of its economies and flexibilities. Here, courtesy of CEO Andres Rodriguez of Nasuni — former IT director of the New York Times — are the five most important ways he considers to address data security in cloud-based storage infrastructures.

      1. Data leakage: Many businesses that would benefit significantly from using cloud storage are holding back because of data leakage fear. The cloud is a multi-tenant environment, where resources are shared. It is also an outside party, with the potential to access a customer’s data.

      Sharing storage hardware and placing data in the hands of a vendor seem, intuitively, to be risky. Whether accidental, or due to a malicious hacker attack, data leakage would be a major security violation.

      The best strategy is to assume from the start that the cloud vendor is compromised and send only encrypted files to the cloud. Use the strongest encryption that you can; anything less is not worthwhile.

      Don’t depend on the cloud provider or an intermediary to encrypt those files for you; in that case, they’ll be able to decrypt them as well, and you’ll have to rely on trust. With the cloud, all data and metadata should be encrypted at the edge before it leaves your premises. The only person to trust is yourself.

      2. Cloud credentials: Even encrypted data can be vulnerable if your files are pooled in with those of another customer. Access to a given pool of storage is based on credentials, and if you are lumped together with another set of customers and share the same credentials, there is a risk that one of them could obtain those credentials and access your data.

      They would not be able to decipher it, assuming it is encrypted, but they could delete the files. By securing your own unique credentials, however, your files will be separate. No one else will be able to log into your account and delete your data.

      3. Snooping: Files can be vulnerable in the cloud, but there are also risks during data transmission. Strictly speaking, encrypted files do not need to be sent over a secure line; this amounts to double encryption. But it is best to assume the worst and guard against any measure of snooping by only sending and retrieving data over a secure line. This prevents against someone seeing cloud metadata. Data and metadata should be completely opaque on the wire and in the cloud.

      Nothing — even filenames and timestamps — should be decipherable once it leaves your premises.

      4. Key management: This has to be addressed properly, because if you botch key management, there is a risk that users will not want to activate the cryptography, which then compromises security. Key management should be so simple that users are not even aware of it:

      –Encryption should be automatic. There should be no way to turn it off. This way, if there is no insecure mode, then there is no chance of someone accidentally sending unencrypted, vulnerable data to the cloud.

      –Keys should also be securely escrowed and difficult to retrieve, so that no one can obtain that key to access your data. Ideally, you would escrow this key yourself, but Nasuni also offers customers secure key escrow.

      5. Performance: A strong security strategy is a necessity, but it should not seriously impact performance. Encryption of data being sent to the cloud — and decryption of files called back from the cloud — should happen with little or no impact on the user experience. Ideally, it should all happen without the user noticing a thing.

      Good advice all around, so thanks, Andres, for the contribution.

      This might have been the most important article you read today.

      Chris Preimesberger
      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.
      Linkedin Twitter

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.