Cloud storage a 'security time bomb' for public sector
by Alan Laing
Public sector organisations making use of cloud services to store data must seek to defuse the security time bomb they face as quickly as possible, writes industry expert
In recent times there has been a massive rise in the popularity of public cloud services such as Google Drive, Microsoft Sky Drive, Box and DropBox as a way to store data. The use of these services is greater than ever, demonstrated by the fact DropBox recently passed the 100 million user mark.
But while the cost-effective and time-efficient attractions of these cloud-based data storage services are obvious to most users, the potential pitfalls are not so well understood. On closer examination, there are very obvious security issues that arise from entrusting data to the cloud rather than keeping it within an organisation on an internal network.áLast summer, DropBox was the victim of a high profile security breach that left many users vulnerable and their files open to hackers, providing a very clear illustration of the security concerns surrounding public cloud services.
Despite this very public demonstration of the perils of using these types of cloud storage services, government departments and local authorities have been slow to react. A recent freedom of information request from Acronis examining the attitudes towards public cloud storage services across 48 local and central government organisations revealed that over a third – some 36 per cent – impose no restrictions on staff use of public cloud storage.
The request also found that 59 per cent of local authorities and 29 per cent of central government departments restrict access to public cloud storage services but restrictions can be over-ridden on a case-by-case basis. This approach is deeply unsatisfactory as it leads to confusion on when and how users are restricted and muddles policy. Only a third of local authorities and 43 per cent of central government departments have acted to minimise the risk of a data breach by imposing a complete block on access to public cloud storage services.
Given the potential security weaknesses in public cloud services, it is imperative local and central government organisations ensure highly sensitive data remains secure on public sector networks. To achieve this, they need to develop and communicate policies that guarantee the protection of this data and remove confusion about its authorised use. There is no argument that public cloud services are very successful at storing data for consumers, but they do not meet the requirement for organisations subject to regulation, such as government departments, to provide a secure file sharing solution that protects their critical assets.
The use of public cloud storage services in the public sector needs to be addressed urgently. Government departments must seek to defuse the security time bomb they face as quickly as possible. To do so, they need to implement a solution that will satisfy their workers' need for file sharing and quick file access from anywhere while maintaining the highest standards of data protection to keep public information safe and meet industry regulations.
The good news is that there are solutions available that combine consumer-level simplicity with enterprise-grade security and management while allowing organisations to distribute access to shared data and improve collaboration without compromising corporate privacy and content protection standards.
Alan Laing is vice-president for Europe, Middle East and Africa at Acronis
Good article. Quite accurate and relevant, but can be taken out of context by persons who are unaware of all the cloud options; and not just the public cloud. The article would have been more balanced if the private cloud infrastructure were also discussed, which would pose much less risk than the public cloud and may possibly be an alternative (in some instances).
Roland Kissoon - Trinidad & Tobago