|By Gerry Grealish||
|September 30, 2013 08:30 AM EDT||
For enterprises moving more business and customer data to the cloud, investigating and selecting an online storage solution can be a challenging task. A primary concern is the level of data security offered by the sites being considered. While the theme holds true across all of the major providers (Box, DropBox, SkyDrive), for the purpose of illustration I'll focus on DropBox since it is arguably the most popular site boasting over 100 million users.
Here is where some of the concerns begin; DropBox experienced a major security breach in July 2012, specifically involving user passwords. In response to the attack, DropBox attempted to improve password security by implementing two-factor authentication.
But just last month though, a pair of researchers released a paper claiming they had reverse-engineered the DropBox application, providing details for how hackers could potentially access private user data. Their goal in releasing this paper was actually innocuous, but provides a disturbing example of what hackers can still do to bypass password security methods to access valuable data stored in DropBox.
As I mentioned, there are other DropBox alternatives to consider, but the decisions around cloud storage implementation needs to go beyond a conversation of just Box vs DropBox or SkyDrive vs. DropBox. Decision makers should be concerned about the ever-evolving threat of cyber-attacks and potential for unauthorized access by third parties (including governmental agencies) and what that means for the future of cloud storage.
The most important questions for Enterprises to consider in regards to cloud storage is this: How can we maintain complete control of our data while taking full advantage of the benefits online cloud storage provides?
The solutions lies in strongly encrypting or tokenizing all data fields while the data is still on premise, before sending it to the cloud. These techniques keep data securely in the hands of the enterprise. With encryption, the enterprise owns the keys; with tokenization they own the token vault. These processes render all sensitive customer data stored and processed in the cloud useless to hackers of the cloud service. This gives an enterprise confidence in sending data online while allowing the organization to take full advantage of the efficiencies and benefits offered by cloud storage sites.
PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.