Sensitive Data is Safer in the Cloud

With massive data breaches constantly in the news, CTOs are determined to protect sensitive data so their companies don’t wind up making headlines. Storing it onsite may seem like the safest option, but cloud storage can actually be more secure.

That might come as a surprise to some. Though virtually every business utilizes the cloud to some extent—even if it’s only a single cloud such as AWS or Google—many hesitate to adopt a full-scale cloud storage solution, particularly for primary storage, because of security concerns. That’s especially true of organizations dealing with highly sensitive data.

The legal industry is a case in point. Law firms and their service providers must manage e-discovery data that could serve as evidence in a court of law, subjecting them to stringent information governance and regulatory compliance standards. The healthcare industry faces similar challenges with heavily regulated protected healthcare information. Besides the legal and ethical considerations, healthcare providers also face a practical concern: Loss or corruption of data can disrupt patient care.

Although the critical need for security may seem like an argument for storing data locally rather than handing it off to a third party, that doesn’t stand up to careful analysis. On-premises storage is equally vulnerable to attack and data loss.

Lack of time and resources: Perhaps the most fundamental consideration is the fact that an in-house IT team is juggling many responsibilities and simply can’t devote the time, resources and focus that top-notch data security demands.

Keeping systems patched and up to date is one example. When an organization is dealing with multiple data storage and access systems—VPNs, backup, storage arrays, disaster recovery, replication—it can be a managerial nightmare to implement patches and updates on a timely basis. All too often, the inability to quickly address a known vulnerability for which a patch exists results in a data breach.

In fact, a recent survey from the Ponemon Institute found that 57 percent of healthcare organizations suffered a data breach as a result of a vulnerability for which a patch existed, and one-third of those organizations knew about the patch before the attack.

Backups are a weak point: Businesses may back up on-prem data only once a day, which isn’t adequate for disaster recovery of critical information in the event of a ransomware attack, system failure, accidental deletion or file corruption. But, the alternative—backing up frequently enough to ensure instantaneous data restoration—could slow performance of the production environment—a major disincentive, even if the IT team has the ability to do so.

The right cloud storage service can overcome these problems and be the best way to keep data protected, secure and accessible, provided it’s handled correctly by following a few key requirements:

  1. End-to-end encryption to protect the privacy and security of sensitive information: Few organizations possess the resources to move and manage encrypted data on their own. That’s where an expert service provider can be invaluable. A reputable cloud service will encrypt all data, both in transit and at rest, and give only the customer control of the encryption keys. In the very unlikely event that hackers ever broke into the service, they wouldn’t be able to access the encrypted data. Without the key, it would appear as gibberish.
  2. Data protection and disaster recovery: Reputable cloud storage services will back up data continuously throughout the day, securely storing the backups in multiple locations. They will also automatically replicate data to different sites for disaster recovery. As a bonus, this model eliminates the need to maintain a complex, costly secondary data center for disaster recovery.
  3. Patch and automatic updates: Cloud storage-as-a-service providers typically patch and update automatically, relieving often-overworked IT staff of a time-consuming yet critical responsibility. A quality cloud service will ensure that customers are working from the most current version.

These realizations have prompted a growing number of organizations to entrust sensitive data to cloud services.

The Case for the Cloud

Security was a major reason Barrister Digital Solutions (BDS) in Washington, D.C., moved its data to a hybrid cloud service. BDS provides digital discovery, document management and litigation support for many of the largest law firms in the country, large corporations and the public sector. Consequently, it had to ensure its clients’ highly sensitive data wouldn’t be lost, corrupted or stolen.

BDS also wanted to automate backup and disaster recovery, reduce its storage footprint and convert storage from a capital expense to an operating expense. Ultimately, the firm decided a hybrid cloud solution addressed all these needs, encrypting data both in transit and at rest, with only BDS holding the encryption keys. Data is backed up automatically throughout the day. Recovery is almost instantaneous. In addition, BDS no longer needs to purchase more storage than it will use to prepare for future growth because the service scales on-demand to meet its needs.

For similar reasons, Partners’ Healthcare, the largest healthcare system in Massachusetts, also opted for a hybrid cloud storage-as-a-service solution to ensure its data was secure, protected and compliant with regulations governing protected health information (PHI). The company’s Enterprise Research Infrastructure & Services (ERIS) group was struggling to ensure its researchers’ patient data was compliant with data security, protection and privacy regulations such as HIPAA. By moving to a hybrid cloud service, ERIS’ internal customers can now rest assured that they are compliant with all the many privacy, protection and security requirements they need to meet. It’s a huge time savings, because they no longer need to spend a month auditing their systems to comply with an external auditor.

The bottom line: What BDS, Partners’ Healthcare and other organizations have discovered is that partnering with the right hybrid cloud service enables them to focus on their primary mission, while ensuring their data is better protected than it could be in their own hands. Done right, the cloud truly can be a safer place for sensitive data than on-premises.

Featured eBook
7 Reasons Why CISOs Should Care About DevSecOps

7 Reasons Why CISOs Should Care About DevSecOps

DevOps is no longer an experimental phenomenon or bleeding edge way of delivering software. It’s now accepted as a gold standard for delivering software. It’s time for CISOs to stop fearing DevOps and start recognizing that by embedding security into the process they’re setting themselves up for huge potential upsides. Download this eBook to learn ... Read More
Security Boulevard
Laz Vekiarides

Laz Vekiarides

Laz Vekiarides is the co-founder and CTO of ClearSky Data. For over 20 years, he has served in key technical and leadership roles to bring new technologies to market. Prior to starting ClearSky, he served as executive director of software engineering for Dell’s EqualLogic Storage Engineering Group.

laz-vekiarides has 1 posts and counting.See all posts by laz-vekiarides