Recent data breaches and image leaks – including the iCloud celebrity naked photo hacks, stolen Snapchat images and the Dropbox hacks – have further undermined trust in cloud storage providers that were already reeling from government snooping revelations.
That’s according to Dr Kevin Curran, senior member of the Institute of Electrical and Electronics Engineers (IEEE) and a senior lecturer in computer science at the University of Ulster.
“Transparency will be listed on the front page of many cloud services due to the appalling manner in which the NSA has treated the US-based large cloud providers. Trust has gone for now in US cloud providers. It will be some time before it will return,” Dr Curran told Computing.
One way cloud providers should begin to regain public trust, he argued, is by guaranteeing that information is not stored within the US, putting it theoretically out of reach of NSA surveillance.
“This will lead to more regional offerings by these giants. They will strive to stress that data is held in situ in far flung ‘safe’ locations – basically anywhere but US soil,” Dr Curran explained. However, he went on to add that even with this proviso, US government snooping cannot be fully guarded against.
“Of course, they are still just a few router hops away from the NSA but US cloud service providers will have to distance themselves from the devil – or at least be seen to do so. So increased transparency will be the order of the day.”
Curran also told Computing that the increasing importance of big data will force organisations to examine how they use cloud-based services.
“Businesses will have to pay more attention to cloud security as legal repercussions creep in and the big data trend gathers pace. Big data is generally cloud-based – private or public cloud. Therefore all the recommended practices applicable to securing data in the cloud equally apply here,” he said.
“In particular with large data sets, due to the multi-tenant nature of a cloud platform, companies should pay extra attention to the data lifecycle phases and ensure that data destruction is provided for and auditable as part of the service,” Curran continued.
Ultimately, he questioned the thinking behind storing confidential data outside of the organisation.
“The fact that any company is allowing confidential datasets to reside outside the company network should lead them to examine how they can robustly protect that data and the answer can be simply a layered security strategy,” said Dr Curran.
“The core principle to be followed here is the encryption of data. Proper encryption too,” he continued, arguing that those firms that don’t take proper precautions should face punishment. “A company that does not encrypt sensitive customer data deserves to be fined accordingly,” he said.
Companies should ensure that there is “complete security built in, including secure endpoint authentication, integrity verification and on-the-fly data encryption. Ideally a minimum of hops or stops in between,” he said.
“Ultimately, it is critical that businesses implement a layered security strategy regarding cloud services as their company data is more exposed than previously,” Curran continued.
“It is critical to get buy-in from upper management. More so than ever, security breaches can greatly affect a company’s public reputation,” he concluded.