News & Reviews

Tagged: Cloud Security RSS

• 

  Origin Storage 17:05 on 29/06/2012 Permalink | Reply
  Tags: Cloud Security, Data Breach ( 24 ), Data Encryption ( 43 ), In the Cloud ( 2 ), Origin Storage ( 62 )   

  Lawyers state data in cloud a business risk 

  European companies using the cloud are potentially contravening data protection laws in the UK and Europe.

  An investigation by Future Intelligence into the legal position of data stored in the cloud has found that many companies are running the risk of prosecution.

  Legal experts contacted by Fi, say in its current form that the cloud technology system worth £14.4 Bn globally to the technology companies promoting it, puts companies trusting personal data in breach of data protection legislation.

  “As it stands the cloud doesn’t comply with data protection,“ said Susan Hall, partner in the Technology, Trade and Media unit at the Manchester-based national legal practice Cobbetts.

  “People go into the cloud for economies of scale and the very factors that lead to those economies of scale are the exact same factors that are likely to lead to the information that they store via the cloud being less well protected and less compliant with the data protection regime.”

  Hall is not alone, every legal expert contacted by Fi confirmed that any company trusting its data to the cloud has virtually no protection against potential prosecution because cloud providers can neither guarantee that their cloud technology complies with existing EU data protection regulations nor will offer contracts indemnifying their clients in the event of any data loss.

  A spokesman for the UK Information Commissioner’s Office confirmed that there were issues with the cloud.

  “The legal experts are quite right. If you have an agreement with a cloud service provider it doesn’t absolve a company of its responsibilities under the Data Protection Act, which requires them to have adequate measures in place to protect the data that they control,” said the spokesman, adding that the European Council’s Article 29 Working Party on data protection is due to report on the issue later this month,

  The main reason for this is because the cloud works by allowing companies to house their data on computers that are continually moving the location of that data which can put those companies in breach of data protection legislation and leave them open to fines of up £500,000 that could rise to 2% of global turnover if new penalties being proposed by the EU are adopted.

  The risks posed by this have been stressed in the US by the American National Institute of Science and Technology which became so concerned about the issue that it wrote a paper trying to provide clarification and warned : “Clouds have the potential to aggregate an unprecedented quantity and variety of customer data in cloud data centres. This potential vulnerability requires a high degree of confidence and transparency that cloud providers can keep customer data isolated and protected.”

  A detail confirmed by Professor Fred Cate, a highly respected data protection and legal expert, who advises the US Department of Homeland Security and the Defense Advanced Research Projects Agency.

  According to Cate guaranteeing that copies of data are not left behind in the cloud is incredibly difficult because of the nature of internet technology.

  While according to Kathryn Wynn, a data protection expert for the international law firm Pinsent Masons, the current situation means that companies using the cloud face the prospect of being legally liable for data that they have little effective control over.

  “The problem is that the Data Protection Act does not really command any mechanism to allow organisations to ensure that its cloud arrangements are compliant. At the moment they can end up in a situation where they are technologically compliant but what matters is how secure its data is and they cannot guarantee that.”

  The issue for companies wanting to use the cloud is that under the terms of the Data Protection legislation that they are liable for the data that they have collected and have a duty of care to make sure that they know what is done with it, including being sure that they know it has been destroyed.

  A level of detail that cloud computing is hard pushed to be able to deliver as it is only able to offer cheap computing by allowing companies to share computer resources and the technology actually moves data around within computer centres and between computer centres in different parts of the world.

  This is an extract from an article published by Future Intellegence

  to read full article click here

   “Origin Storage has always believed that Cloud will play a huge role within computing as a whole, but from a stand point of  where your sensitive data should be kept, we believe it should always stay under your protection.

  This why Origin Storage has always handpicked specific products that keep the customer 100% in control, and have complete transparency in managing all encrypted devices, whether being SED’s (Self-Encrypted Drives), Encrypted Drive SSD or DataLocker for encryption on the move.

  With customer control and transparency in mind , Origin Storage has recently signed a distribution agreement with Wave Systems Corp to distribute their Encryption management software, utilising the TPM Chip (Trusted Platform Module), which is already installed on over half a billion systems worldwide, the software which includes Bitlocker management, EMBASSY Remote Administration software, as well as Safend Data Protection Suite for all your end points.

  For full details of Wave Systems software please click Here

  Share/Bookmark
   

  Reply Cancel reply

  Required fields are marked *

  Name *

  Email *

  Website

  

• 

  Origin Storage 11:27 on 31/05/2011 Permalink | Reply
  Tags: Cloud ( 2 ), Cloud Computing ( 2 ), Cloud Security, Cloud Services, Cloud Storage, Clouding Computing, Computing Cloud, Computing in the cloud, Data Encryption ( 43 ), Data Security ( 32 ), Data Storage ( 23 ), Encryption ( 32 ), In the Cloud ( 2 ), Information Storage, Internet Security, Origin Storage ( 62 ), Security Essentials, Sensitive Data ( 3 ), Sensitive Information ( 3 ), The Cloud, To the Cloud   

  The Cloud – Soft and Fluffy or a Serious Contender 

  With what appears to be limitless storage options, for many the cloud is an attractive proposition. It offers savings to organisations looking to cut down the premium space they need to store data centres, and it can increase efficiency with data and applications shared over the internet. However, with questions still remaining over its security, how can organisations best utilise this exciting resource?

  When you board an aeroplane you’re asked to buckle your seat belt and listen to an important safety announcement. The same is true before you propel your data down the runway and jet it into the cloud.

  So, what’s in our safety demonstration:

  Pack Carefully
  If you’ve flown before you’ll know that there is limited space in the cabin with the majority of your luggage having to travel in the hold. Therefore, when you pack, you make sure your most valuable items are squeezed into your in-flight bag. For data, it’s not very different.

  Before packing all your data off into the cloud you need to sort it and, for most organisations, not all of it will be suitable to store in the ‘hold’. If the data contains sensitive information that, if compromised, could damage your organisation, then you need to be asking yourself if it really should be jetted off into the cloud?

  Prepare for passport control
  So, sticking with our aviation theme, before you get anywhere near an aeroplane, and your luggage in its hold, you have to pass through stringent security checks and have your passport examined. Legitimate travellers will have the correct documentation and allowed access but, in an ideal world, those that don’t will be identified and prevented access before they can cause any damage.

  Assuming you’ve decided to store your data in the cloud, you need to make sure your passport controls are as effective. If they’re too stringent or time consuming legitimate users may not be allowed access, however too lax and anyone can get in and violate the data.

  Providing flexible access may mean your users will want to use personal devices from outside the corporate environment. This can open a whole can of worms as the device may be infected with key loggers, or other malware, that could jeopardise the data or application’s security.

  If data is password protected in the real world, then virtually it needs even stronger defences. The question has to be asked whether cloud security offers this and, if you can’t be guaranteed, then serious doubts must remain over its suitability for your organisation.

  Fasten your seatbelt and stow your table in the upright position
  Personally, I always wonder just how effective an aeroplane seatbelt is but, luckily, I’ve never been on a plane when it has experienced violent turbulence or even crashed so I haven’t found out. Could the same be true for cloud seatbelts?

  New encryption software is creeping into the market designed to protect data stored in the cloud. With AES 256-bit encryption accepted as the most secure option in the real world, I wouldn’t recommend anything less should even be considered for virtual storage.

  In reality, until we really know how insecure these storage facilities actually are in the first instance, we have no real idea whether these solutions are necessary or will even work. That said, admittedly I still fasten my seatbelt when the pilot switches on the sign and would recommend you do the same for your data. What I would say is, if you’re in any doubt about whether you can risk your data falling from the sky, perhaps it shouldn’t be there in the first place.

  You’ve arrived at your destination
  We’ve all experienced the holiday of a life time that doesn’t quite live up to it’s billing. The climate that’s either too hot or too cold or that half the items you’ve crammed into your suitcase aren’t needed yet the cable to charge your mobile phone has somehow been left behind. The cloud is exactly the same.

  It isn’t suitable for everything, or everyone. Careful consideration and planning needs to be undertaken first if you’re to migrate the right applications and data to benefit from increased efficiencies and lowers costs.

  Another element is download speeds. Agreed, bandwidth should not be the only consideration when selecting a cloud service provider but it is an important factor. It needs to be balanced with quality of support, pricing, features and reliability.

  One final consideration I would urge you to cover is, having planned your migration to the cloud, make sure you’ve get an escape route planned if you find it isn’t everything you dreamed it would be. How will you reclaim your data, are you locked in for a given period, will they help you transfer to another provider?

  It is my belief that the cloud environment will be compromised at some point – probably in the not too distant future. I don’t appear to be alone in this as IT analyst Gartner advises businesses that they must work closely with their cloud computing services provider to ensure that potential security issues are flagged up, and dealt with, before they become a problem. Don’t be blinded by promises of performance or cost savings – a security breach could quickly eradicate both of these benefits and potentially deal a fatal blow to your organisation.

  So be warned, even a parachute might not protect your data if someone decides to push it from the cloud.

  Share/Bookmark