11 Jul The Cloud Data Protection Myth
Guess what? Your cloud hosting provider DOES NOT secure your data, YOU DO.
Cloud providers divest themselves of your data security risk in your contract – and you pay for any backup input outputs! And that amount may be a big sum over your contract (read your fine print).
How do you properly protect your encrypted data?
Who now has your encryption keys?
Where are your keys?
Are your keys secure and is there a back-up of your cloud data now you know your cloud provider is not protecting it – now we’ve revealed the myth?
The belief that the cloud has adequate data protection in the capacity to protect you is “a myth” according to a key Microsoft VP.
Did you also know that law enforcement requested, court approved, clandestine surveillance of US citizens, and now Australian citizens (under new laws being enacted) takes place daily? In the US meta-data requests are given WITHOUT A WARRANT. How can they get access your data and what does this mean?
“This activity represents a sea-change from historical norms" according to Tom Burt, Microsoft's VP of Customer Security & Trust who testified recently in the US as a representative of cloud service providers. Burt clarified that the practice was "an ongoing problem since the ascendancy of cloud computing."
The need to back up your data outside of the cloud and encrypt your data, and that means managing security keys better, is critical more than ever. If hackers can get your encryption keys in your cloud-hosted environment, can you protect yourself from that? You can’t and that’s where ransomeware is a great business for crooks.
Even the most recent attacks on Kaseya (a global managed services provider), JBS worldwide and most recently an Australian council was cloud data. They didn’t protect it and their cloud provider doesn’t secure it.
Encryption key management
The real question is “what is key management?” And just how are you secure from a state actor or criminal group performing an encryption key attack and using quantum computing capability to brute force your keys?
We have been advising council’s around this recently and we have been advising councils and regional authorities to protect and secure data in Australia since 2003. But don’t take our word for it, be sure to call us and we will be glad to let you speak with our clients, and let them tell you how we do it better.
