Where is company data really stored? How is it processed? Is it possible to delete it permanently? These questions are all important when dealing with Cloud services to ensure the security of the data.Kaspar Geiser
Data security in the age of the Cloud.
Our data is everywhere, and nowhere. Thanks to Cloud computing, we have the option of accessing our data from anywhere and from a variety of devices. One click and boom - it's shared with other users. What about if we want to delete sensitive data? Is that even possible?
Let's eliminate the suspense up front: it is indeed possible - but only under specific circumstances. Not just deletion, but security for Cloud-based data in general requires a clear view of the overall data cycle - from writing and recording to retention, backups and, where necessary, deletion.
All Cloud storage users should contemplate how securely the data needs to be protected - and review those decisions as new business scenarios emerge. Before launching into a Cloud computing or outsourcing project, the requirements for the data must first be defined. IT specialists use the terms confidentiality, availability and integrity.
Before data can be saved, it must be recorded, transferred and, in some cases, processed.
To ensure that the data doesn't fall into the wrong hands during recording, data capture must be performed on a secure computer in a secure environment. This in turn requires at minimum strong authentication systems on the author's working device or in the relevant application, such as the Content Management System. In general, physical proximity at a location - such as the office - is also defined.
The transfer of data to a server system can be protected in a variety of ways. Dedicated lines between the office and data center can be created using the encryption function of a Virtual Private Network (VPN). The TLS (Transport Layer Security, previously known as SSL) is deployed between browser and applications. TLS makes it harder for potential eavesdroppers to access data while being transported. Once the data arrives at the data center, it is processed or simply stored.
Yet this step also requires careful attention. If for example data is to be converted into PDF form before storage in a database, then log files are created. In some cases those log files contain the content of the files. Secure data processing thus requires that an application's log files be subject to the same requirements as the rest of the data.
The biggest challenge comes in the storage or archiving of data. Data can be archived as raw data within the file system or as entries in a database. If the company wants to prevent system administrators from being able to read raw data or database contents, processing software that supports such measures must be sued. The data is then encrypted before being written or read.
An even greater degree of security is available for those who define how data is stored on disk storage media. It's recommended that data be stored on dedicated disks for each specific application. This makes it easier to optimize performance and security of the data through specific measures.
Dedicated data disks also make it possible to use supplemental encryption. Even if they land in the wrong hands, the data is useless to the thief. With that said, heightened security means lowered availability unless a well-considered key management system is in place. Access to the key must be limited to as few persons as possible. If for example they are stored with the customer, then the hosting party must be able to access them at 3 in the morning if a system restart is needed. A variety of technical solutions are available for this. Encryption systems involve additional dependencies, however, that can also threaten availability.
Data must be secured in backups, meaning in a location away from the primary location of the data and on a medium separated from the primary storage media. Here too the aforementioned technologies for secure transfer can be used. The data are ideally encrypted prior to transfer onto the backup medium for the source system.
The backup medium thus contains unreadable data for all but those with the proper key. In a disaster recovery or business continuity situation, however, the customer loses availability unless it has access to the corresponding key and is using compatible backup restore software.
It's very difficult to delete data in the age of the Cloud. While there's been much talk about the "Right to be Forgotten," which forces Google to remove data that the owner no longer wants to be public. In fact, however, the data is not actually deleted, but rather simply does not appear in the search results.
Hosts similarly do not actually delete data. When data is deleted from the primary system, they are still retained for the defined backup retention period in case a restore is desired. That means that deletions to the backup media only occur after a suitable delay. If, however, a project requires that all data be completely deleted from the host once completed, then certain technical measures must be in place. One is a dedicated media for each customer. This can then be definitively and conclusively eliminated, at both the technical level and, if needed, the physical one using a shredder.
If a project will involve the creation or processing of confidential data, then the security requirements for that data must be clearly formulated. The relevant technical implementation for protecting the data is then derived from those definitions. Using the same protections for all data can lead to exploding costs and dependencies on third-party service providers.
Encryption of data placed with a hosting party is a reasonable option for restricting access. What's more important is a clear understanding or set of instructions on where the data is to be effectively archived, who has access to that data and how it is protected against manipulation. These in turn demand unrestricted transparency by the hosting service on its technology and processes.