by Eran Farajun, Executive Vice President at Asigra
One of the main concerns from end users about cloud storage is its security. "I am legally obliged to keep my data inside the country's boundaries; where would you store it?" "How do I know it's safe?" "How do I know I'm the only one that can access it?" These are all questions that cloud computing vendors and resellers have been striving to answer, and to reassure their customers about, since this service delivery model was first introduced.
However, today there are a variety of ways in which cloud solutions providers, i.e. vendors, resellers and Managed Service Providers (MSPs), can near-guarantee data security, and among the most sophisticated of these is encryption. This is a simple yet effective process that will put many customers' minds at rest, and is therefore a powerful tool for the channel.
Before data leaves the end user's datacentre it is encrypted at the source, and it stays encrypted while it is transmitted to the cloud, where it also remains encrypted. Essentially, the data is encrypted both in flight and at rest to ensure it remains secure. Therefore, anyone trying to intercept this data while it is being transferred would only capture encrypted files; access to confidential content is hence not possible.
In order to access data in its unencrypted form, it needs to be unlocked, and the only key resides with the customer, ensuring that the stored version of the data is as safe and secure in the MSP's datacentre as if it were in-house.
Depending on the required level of security, keys can have between eight and 32 digits. So far, so secure. Safeguards can be applied at various levels to ensure the security of customers' data from cradle to grave, including an encryption key escrow management capability. This allows for an additional security provision to be put in place should a customer lose or forget their encryption key.
Measures of security (or lack thereof) will often be a deal breaker, so any reseller or cloud service provider looking for that extra element of differentiation should certainly look into having as many of these security measures as possible in their portfolios.
Amongst the most important factors is to ensure that the underlying technology vendor has a certification of the encryption elements in its products from a third party, such as a governmental body. It is not enough that a vendor claims their product is secure and that it incorporates some form of cryptology. The real question is whether anyone has actually verified that the encryption was implemented properly so it cannot be defeated. This is the comfort level that a recognised third-party certification provides.
In the cloud datacentre itself, the data is protected even from datacentre operations staff because it is held in encrypted form. Cloud operations personnel do not have unauthorised access to the decryption key, meaning that customers should feel safe in the knowledge that their data is visible only to them. Building a level of trust such as this is "key" (excuse the pun) when establishing channel relationships, as trusted resellers are the ones to whom happy customers will return, and who will be recommended to others.
It is details such as this that give good relationships the advantage; in order to provide the best possible service it is necessary to understand the technology being utilised and leverage it to each customer's advantage. Thus, fears about the security of data in the cloud should be greatly reduced. Customers who feel happy with the level of security, support and flexibility provided are the ones with whom relationships will flourish.
This was first published in November 2011