A Solution to Cloud Storage Security
Gartner has predicted a compound annual growth rate of 36.4% in cloud storage (from 2011 to 2016). Storage remains one of the top 10 growing subsegments in public cloud services, next to office suites, database management systems and BI platforms, among others – all expected to grow by more than 40% year on year.
It’s good news for public cloud providers, and the big players like Amazon (AWS), Microsoft (Azure), Google (GCP), IBM Cloud and Rackspace are certainly cashing in on the mad rush for cloud-based storage. There is, however, a slight catch when it comes to choosing any of these, because each provider has its own goals in mind and this affects what it includes, and excludes, in its cloud offering.
Cloud Network Security
- Limited firewall configurations. Azure offers firewalls on network endpoints, which is good enough for a public network but doesn’t control internal traffic. Rackspace and IBM Cloud don’t offer firewalls. In addition, none of the big five base firewall access on user identity.
- Limited VPN capabilities. Of those mentioned above, only GCP offers private subnets on their cloud servers. And only Azure offers user identity authentication when accessing VPNs remotely.
Encryption Key Management
Cloud storage users reach for peace of mind by opting for data encryption whenever possible. Since the data is encrypted symmetrically (meaning that the user can decrypt the data again with the same key it was encrypted with, a secret key that belongs only to them), some contention arises when it comes to storing said key.
Vormetric surveyed 800 IT professionals across the globe and produced the Insider Threat Report (with the analysis by Ovum), which highlights that 55% of respondents said they would rather keep their keys on-site and 52% were comfortable with the cloud provider managing their encryption keys. But who decides on what is best? Perhaps a third party?
Enter the cloud access security brokers (CASBs). They specialise in enforcing and mediating better security between cloud consumer and cloud provider and, according to Gartner, “… to combine and interject enterprise security policies as the cloud-based resources are accessed… Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, etc.” This means that a reputable CASB will be able to provide you with the tools to monitor and improve cloud security, enforce data encryption, and even manage the encryption keys for your cloud-based data.
CASBs are definitely addressing a desperate need for better and easier management of cloud security since consumer concerns with moving data to the cloud have never really been put to rest. Finally, there’s a viable option for companies who’ve seen the value in utilising cloud storage but have been too concerned to take the plunge.