Large companies should trust IT departments with their data, not cloud service providers.
This was view of Aidan Gogarty, a technology evangelist from secure remote-access company HOB, who showed the fear of data security in the cloud was still alive and kicking, despite what vendors might say.
Speaking at the RSA Europe conference in London today, Gogarty admitted to the perks of cloud computing, including infrastructure at your fingertips and the scalability of storage. He even called it cost effective.
However, he said the “most worrying aspect” of the cloud was data privacy and keeping data, which he referred to as “the lifeblood of your company,” in-house was a safer option.
“There are certain companies and industries that, by law, cannot distribute data… bank details, medical records etc,” said Gogarty. “But, if you are using a cloud application, where are the servers? How do you prevent these details going over a border and breaking a law?”
The difference in regulation across separate countries makes it imperative to keep track of where your data is, he claimed.
“If every country had a Patriot Act, this would be ok, but other countries don’t,” said Gogarty.
His next point focused on authenticating users who access your data. This is standard when organising security in your own data centre, but with cloud Gogarty claimed you don’t know who can get their hands on your information.
“Any user using data should be authenticated, their identity should be known, and if they are not known they should not have any access,” he said.
“It is pretty standard stuff… but people tend to go oh, cloud, it's great and don’t think about any of this.”
Gogarty admitted smaller companies would not have the resources to dedicate somebody to the security of their data and suggested they could use cloud but through PPP tunnels – point to point protocols between two network nodes for a secure connection – to protect them.
However, he said when companies got to 20 employees or more, they could have either a person or department looking after data, keeping it much safer than cloud service providers could.
“If you have one of these large organisations, if you can have a person spend a 100 per cent of the time protecting your data ,use a VPN,” he said. “You have one guy, or one department, look after it and what you do is get this system administrator to look after your interaction with the cloud.”
“Do you trust him? I trust him a lot more than I do the cloud provider.”
Gogarty claimed a VPN was in essence a private cloud, providing the remote access but offering “complete control of your security.”
“Use the cloud but use it on your terms,” he concluded.
