Cloud storage vendors – all born equal?

One of the early key cloud applications that has stayed the distance, Cloud Storage is a competitive market. From basic low featured freebie accounts to fully synchronised and managed backup, there’s a solution to fit most users. But what are the benefits for the channel?

Cloud storage is file storage on remote servers accessed from the internet – the cloud. It is maintained, operated and managed by a cloud storage service provider on storage servers that are built on virtualisation techniques. Instead of keeping your files on your local hard drive, external hard drive, or flash drive, you can save them ‘online’.

There are pros and cons when it comes to any applications and you’ll find a wide variety of views being held in the market.
When it comes to the advantages there seems to be a consensus on the pros being:

Accessibility: Files in the cloud can be accessed from anywhere with an Internet connection. This allows you to move beyond time zone and geographic location issues.

Cost savings: Cloud storage for your business will come at little or no cost for a small or medium-sized organisation.

Disaster recovery: All businesses should invest in an emergency backup plan and cloud storage can be used like this by creating a second copy of important files.

Scalability: With cloud storage, you only pay for the amount of storage you require. If your business experiences growth, then the cloud operator can help accommodate your corresponding growth in data storage needs. This also works in the same way if your business shrinks and you require less storage space at a reduced rate.

…and the Cons

Security and privacy in the cloud: There are concerns with valuable and important data being stored remotely. Before adopting cloud technology, you should be aware that you are giving sensitive business information to a third-party cloud service provider and this could potentially put your company at risk. This is why it is important to choose a reliable service provider that you are confident will keep your information secure.

Vulnerability to Attacks: With your business information stored in the cloud, there is a vulnerability to external hack attacks. The internet is not completely secure, and for this reason, there is always the possibility of stealth of sensitive data.

Lifetime costs: With public cloud storage, the price costs over the years might increase and tend to add up.

Compliance: Depending on the level of regulation within your industry, it may not be possible to work within the public cloud. This is especially the case for healthcare, financial services and publicly traded companies that have to be especially careful when considering this option.

On balance however, despite concerns about the security of cloud storage, many businesses see that the cost savings, accessibility and disaster recovery are more valuable than the associated risks. Cloud storage is certainly here to stay for some time yet.

David Barnett, Head of CASB EMEA at Forcepoint, says that one of the biggest challenges facing IT departments today is finding a way to allow frictionless access to information, whilst at the same time safeguarding sensitive information.

“It’s a challenge that’s becoming even more difficult too as more businesses migrate to cloud technologies to store their data.

Employees are used to managing data in their personal lives across multiple services, and they’re no different at work. Whether they’re more comfortable using a particular service, or they’re using workarounds to circumvent harsh security restrictions, a surprising amount of company data can be found saved across a number of other platforms.

We’re all well aware of ‘shadow IT’, but this type of under-the-radar cloud activity can be upwards of 50% of a business’ total web traffic. These accounts don’t just include those that are active – those from ex-employees, contractors or even just dormant storage spaces may all contain sensitive data.

All clouds are not equal, and those sanctioned and managed by IT will likely be more secure and less at risk of a breach – but not always. The first step is to accurately map any organisations cloud usage, and a CASB (cloud access security broker) solution is a good start.

Once mapped, levels of risk can be identified, along with what specific kinds of threats an organisation might be susceptible to. Pinpointing these is much simpler by benchmarking against industry best practice and standards. But organisations should also be holding themselves accountable to these best practices. It’s about instilling a security culture, and that’s much easier to do from the start.

Data centre storage offers scalability for users.

Protecting data requires significant controls but it always needs to be balanced against access. Organisations should be creating behavioural profiles based on the normal usage patterns. These profiles account for variation between employees and enable security measures to be adapted accordingly. Automated alerts or hybrid cloud approaches (where some data is kept on-premises and other information hosted remotely) are further options that can be taken to bolster cloud security efforts.

If businesses are to have any chance of exposing security blind spots and adequately protecting their staff and data, they need to put proper discovery, governance and protection at the top of their priority list.”

Matt Aldridge, Senior Solutions Architect Matt Aldridge at Webroot, believes that there is an assumption amongst businesses that a cloud storage provider will provide all of the necessary security protection for the cloud-hosted services.

“Although many of the leading cloud service providers are beginning to build more comprehensive and advanced security offerings into their platforms (often as extra-cost options), cloud hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups and maintenance as traditional infrastructure. Management access controls, multi-factor authentication, data encryption, backups and SOC monitoring of these platforms can sometimes be lacking, or not enabled or included as standard.

One of the main advantages of cloud storage is the ease and speed of deployment and scalability, but these features can also be a security Achilles’ Heel.

Default security posture can vary between vendors and rapidly prototyped solutions can be brought into service without adequate oversight from security teams. We continue to see reports of massive cloud-hosted file stores and databases being left unprotected by companies, leading to massive leaks of confidential, personal and business data. To prevent misuse and reduce the risk of human error, it is critical that like all other infrastructure components, cloud storage solutions are properly evaluated, protected and maintained.”

According to Justin Dolly, Chief Operating Officer & Chief Security Officer at SecureAuth Corporation, cloud services are a fantastic mechanism for companies to potentially save money and reduce the level of expertise that is required within the company.

“There is likely not a single company in business today that does not utilise some form of cloud service from payroll, to backup services, to human resources. But shifting services and data to the cloud can mean relinquishing some control over security and protections.

Therefore, all cloud storage vendors must maintain a certain level of security control based on the sensitivity of the data that they are collecting, storing and processing. And cloud services vendors must establish and maintain trust within the community and the industry as a whole. Everyone must assume that it is not a matter of ‘if’ a company will get compromised, but ‘when’ to ensure every precaution is taken.

In order for a collaborative approach to be effective, there needs to be a good level of transparency between vendors and customers about the security of the environment and if that security is ever compromised. Security controls must be implemented to minimise the potential consequences of exposure of data in the event of a breach and security monitoring must be diligently watched for any signs of compromise or attack.

At this point, it is likely that a company can get a myriad of services, systems or applications from a cloud services provider. While it is still the company’s ultimate responsibility to protect sensitive or customer data, cloud services vendors must also ensure security and privacy by design are architected into the products and services from the very beginning.”

Dropbox

Everyone has heard of Dropbox; I’ve had an account for some time and upgraded to the Business version around three years ago when my wife started her own business. It works well for us both so it was interesting to get the views of their Head of Global Channels, Simon Aldous.

I asked him, ‘The most common question that businesses are sure to ask is ‘How secure is my data?’ What’s the best answer for that?

“Dropbox has over 500m users, and 400,000 paying businesses around the world trust Dropbox with their data. One of our core values is being ‘worthy of trust’ and it’s something we take very seriously, especially given the fact that over 1.2 billion files are saved to Dropbox every day.

We have security certification such as ISO 27001 (Information Security Management), ISO 27017 (Cloud Security) and ISO 27018 (Cloud Privacy and Data Protection) just to name a few. We also have taken further steps such as 2FA, SSO, Device controls and whitelisting, Remote Wipe, Sharing controls, Audit log, plus many more.

When it comes to the optimum level of vendor service and support every customer has different service expectations; however, we believe that every vendor should be in a position to deliver the levels of support that has been agreed to in the service license agreement.

Simon Aldous of Dropbox

How do we differentiate our offerings? Over 500m people across the world use our platform, and that’s because it’s simple and easy to use. We have an open ecosystem, which means that our users can pick and choose what other tools they want to use and integrate with the Dropbox platform. We aren’t a ‘walled garden’ like other companies, and our users love that.

With regards to the location of the cloud storage, unless you work in environment that stipulates via regulation, it’s not important.”

So, I asked, how did Dropbox make the move from home use to a business application?

“When Dropbox was first built in 2007, our users loved storing and sharing their content in Dropbox in their personal lives, because it was easy to use. No matter what environment, people want easy to use tools and that’s why we saw a huge adoption of Dropbox for work. Therefore, 5 years ago we built Dropbox Business which has all the ease of use of Dropbox, but with added functionality to make it enterprise ready.”

Free Instant-Access Online Storage

There are many free to use on line storage offerings that are frequently changing in terms of the amount of data that can be stored before charges apply. The best known are as follows.

• Google Drive: 15GB free
• Box: 10GB free
• OneDrive: 5GB free
• Amazon Drive: 5GB (+ unlimited photos with Prime)
• iCloud: 5GB free
• Dropbox: 2GB free (up to 18GB with referrals)
• BT Cloud: 10GB-1TB ‘free’ with BT broadband

Ed Says…

For many really small organisations the free storage offered by the likes of Google and Amazon may well suffice their needs but like myself, many will quickly realise their limitations and upgrade to more professional versions. My driver to using cloud storage was never one of cost but instead more about having the security of a back-up of all my data with the flexibility of being able to access it from any of my connected devices or indeed anywhere I had an internet connection. Cloud storage would seem to be one of the most popular shadow IT applications and this presents a danger and challenge for IT managers to control – a circumstance that illustrates opportunities for resellers.

Simon Aldous of Dropbox: “Using a trusted provider is key to keeping your content secure. If there are several DIY applications in use, it will be harder to collaborate and also a potential security issue.”

The following two tabs change content below.

David Dungay

Editor - Comms Business Magazine