Working hand in hand with the service provider and having clear content management policies are the keys to cloud storage being done safely and reliably.
by Alejandra García Vélez
Security remains one of the main concerns of companies that have adopted cloud storage as a work tool. How to maintain the confidentiality and privacy of data on this platform? This is the main challenge for corporations in all industries.
In the case of the field of television, it is increasingly common to use this type of solutions as an alternative for the storage of content and, apparently, this is a trend that will continue to rise, so finding strategies to get the most out of cloud services while ensuring the security of files is essential.
Three industry experts spoke to TV and VIDEO about the subject and offered their perspective on the precautions that must be taken when betting on the use of cloud services.
In general, the interviewees agreed that it is essential to have a content management policy that allows establishing the limits in terms of its transmission and access, as well as trusting a provider that offers guarantees regarding the integrity and privacy of the information, while adapting to the policy established by the company.
Protection
The advantages of using cloud-based systems are well known, but those advantages can in turn become the biggest threat to a company. For example, among those star features we find its accessibility, scalability, virtuality and mobility, but the biggest problem will always be to be subject to the state of the service providers, since all applications and information are centralized.
Christian Combes, RHQ marketing director for D-Link in Latin America and the Hispanic region, explains that cloud services cannot be said to be more or less vulnerable than other systems.
"All storage systems have some degree of vulnerability, but the benefits of cloud computing are much higher than other services because of their accessibility and support," Combes explained.
Although it does not deny that there are strategies that can and should be implemented to ensure the security of the content. The D-Link official refers to the study conducted by Symantec in 2011 on the State of the Cloud, citing some of the recommendations made by this software company.
For Combes, the first step is to establish levels of access for information, as well as assess risks and establish appropriate policies.
"When it comes to the cloud, as well as in a physical environment, you have to make sure that only authorized users can access critical information and that that information doesn't leave the company," he said.
"It is also key to ensure that cloud service providers can meet legal and regulatory compliance requirements. Finally, it is advisable to evaluate potential providers of operational issues in the cloud, such as high availability and disaster resilience."
For his part, Lukas Alarcón, executive pre-sales engineer for Websense, highlighted the evolution that the cloud has had in recent years, leading it to be an increasingly reliable service.
"The generalization of services has led users and businesses to feel that cloud technologies are a solution. The evolution of the same is another important factor where, by the same concept of renewal of the service, concepts such as public, private and hybrid clouds have appeared allowing a company to consider scalable scenarios according to their needs, "he said.
However, just as the cloud allows organizations to expand their reach and service infrastructure when needed, it is the same organization that is in charge of delimiting their scope.
"In these environments, user data must be protected by organizational backup systems. You should also consider having physical backups of your information, since the cloud has a coverage rate of 99.9% and as we know nothing is 100% in computer terms, "said Alarcón.
Importance of the supplier
Although the training of the company's internal staff is important, as well as the involvement of the company's IT department, the key to having a secure service is to choose the cloud storage service provider very well.
But what features should that provider offer?, first of all it must have third-party certifications to ensure that it has international security standards.
"The level of vulnerability of a cloud platform depends directly on the service that is contracted and the standards that come with it. If I acquire a service without ISO certification 270001 and without a constant audit system delivered by third parties or by the offeror itself, I will not be able to ensure the risk status of the service nor will I have visibility of a risk," said Alarcón.
Consulting the official documentation of the Cloud Security Alliance (CSA), this organization explains that the security controls applied to cloud computing, for the most part, do not differ from the controls that must be applied in any IT environment.
"An organization's security posture is characterized by the maturity, effectiveness and integrity of the risk controls in place. These controls are implemented in one or more layers ranging from facilities (physical security), network infrastructure, computer systems, IT systems, information and applications," the organization explains.
The CSA also notes that in the case of working with cloud storage providers, the security responsibilities of both the provider and the consumer differ greatly between service models; but clarifies that, in general, the provider must answer for physical, environmental and virtualization security, while the consumer is in turn responsible for security controls that relate to the operating system, applications and data.
Adam Copeland, engineer at Limelight Networks, agreed, noting that "an intelligent buyer can easily achieve a strong SLA (service level agreement) and guarantees for the accessibility and security of their data. The advantage of the cloud is that you don't have to deal with manufacturers of storage, facilities, upgrades, maintenance, redundancy, security and forecasting audits, because all those concerns can be replaced with a couple of simple questions and basic training."
When establishing contact with the provider, the company must include in its information handling policy details such as, for example, whether the data will be encrypted before being uploaded to the cloud or if this task will be delegated to the provider.
In the same sense, the procedures for backing up the information must be clear. Also, establish how often the passwords will be changed, what characteristics they must have and what will be the levels of access according to users.
"These simple questions can drastically change your company's policies and workflow. But they must also understand that a provider allows the user to worry less and reduces their capital expenditures, but does not put the burden of security and protection on them alone. It's its content, keeping an eye on it and conducting audits whenever possible is the user's responsibility," Copeland said.
Finally, Copeland recommends making sure that the selected provider has flexible rules, which allow you to easily implement the policies established by the company to control access and distribution of content. In addition, you must have confidence that the selected system can evolve hand in hand with the needs of the business.
Leave your comment