The vast majority of companies now use cloud storage for store some or all of their data, and there are many cloud services available. Apple iCloud, Google Drive, and Dropbox are some of the most popular options. But, cloud storage has also been met with a lot of suspicion, because there’s something that just feels off about storing data in faraway servers you don’t own or control. So, is it safe to store sensitive customer data in the cloud?
Importance of password safety
The short answer is – yes, it is. In theory, cloud storage is just as secure or even more secure than storing your own data. In a survey by Oracle, 83% of respondents rated cloud security as good or better than traditional storage. The longer answer is – cloud security will be as secure as you make it, and that depends on your own security practices.
When it comes to data security, the physical location of the data is nowhere near as important as your control over the methods used to access that data. If you and other trusted individuals are the only ones with access, it doesn’t matter if the sensitive information is stored in your office, or a server on the other side of the world, or Dropbox’s San Francisco cloud servers. But if you’re careless with your passwords, your firewalls and encryption won’t matter, whether you use the cloud or not.
Encryption on encryption
Data stored in the cloud is kept in an encrypted format that would need to be cracked in order for the data to be usable. The encryption keys needed for an intruder to access the information are locked away with the cloud service providers on their company computers. The internal networks at Apple HQ (for example) are ultra-secure, but if you’re concerned about this you can encrypt the data yourself before uploading it to the cloud where it will be encrypted again. Two layers of encryption, with keys held in different places, would be near impossible for intruders to crack.
Security practices are key
The only real chink in the armour of the cloud’s security, is, as with any secure system, the fallibility of the humans using it. Even when using a cloud service with the security of a digital Alcatraz, if hackers can manipulate their victims to give out passwords and mothers’ maiden names, or if a work-from-home employee decides to use their insecure personal device to access sensitive company information, hackers will always have a front door into whatever storage systems you use, cloud or otherwise. The 2015 Data Breach Industry Forecast by Experian found that employees cause around 60% of security incidents (2). It’s simple mistakes and carelessness that we need to be wary of, not elite techno-genius hackers.
The best way to improve your security is not to worry about the cloud, but to improve your and your employees’ own security practices, for example by learning about good password practices.
Access the Oracle and KPMG Cloud Threat Report 2019 here.