Five Best Practices for Cloud Security
Tips on how to better secure your cloud computing environment.
The speed and abruptness behind the U.S. Justice Department's shutting down of Megaupload on the basis of copyright infringement last week caught many by surprise, considering that many of its servers, as well as alleged perpetrators, do not even reside in the United States. Indeed, it has triggered an outcry from users who say they relied on the popular site for legitimate purposes, and are now bereft of personal recordings and work files uploaded to the online service.
More pertinently, the closure of Megaupload has rocked the perception of reliability of cyberlocker services, which have become an increasingly popular option for consumers and businesses alike. When one pauses to consider that Megaupload had 180 million registered users and an average of 50 million daily visits, it becomes evident that neither size nor popularity is a guarantee of immunity against government-led shutdowns.
I think Computerworld summed up the situation very well:
The Megaupload seizure shows how personal files hosted on remote servers operated by a third party can easily be caught up in a government raid targeted at digital pirates. But perhaps more importantly, the demise of Megaupload shows that you must be careful about where you trust your data, when picking a cloud service.
We have all heard the repeated boogeyman warnings about how cloud providers may arbitrarily change their terms of service, pillage through our confidential data or shut down without prior warning. I think it would be fair to say that many of these "worst-case" scenarios have eventually come to pass. In view of the Megaupload closure, what are some lessons that an SMB can learn?
A cloud backup should never be the sole backup
The primary lesson that can be gleaned by Megaupload's closure is probably this: Cloud backup should only be that - a backup. Due to possible legal ambiguity over servers hosted in differing geographical regions, or in the event of a similar raid, SMBs must be cognizant that it may be difficult or even impossible to recover data uploaded to the cloud. As such, businesses must ensure that a cloud backup should also not be the sole backup of a company's data.
Of course, a simple alternative may be to rely on a privately owned backup system sited at two separate physical locations, which you can read more in "Build Your Own Private Cloud with Two NASes."
Encrypt your cloud backup
Finally, it makes good business sense to encrypt your SMB's cloud backup. Not only does this ensure that confidential data stays that way regardless of a cloud provider's privacy policies, it also offers protection against system breaches by hackers. Indeed, the ready availability of open-source encryption utilities and various commercial offerings today makes uploading of unencrypted data akin to negligence.
Does your SMB back up its data online? I would love to hear your experiences and thoughts on how the demise of Megaupload has influenced your approach to cloud storage, if any.