Mission (Im)Possible: Security
Look before You Leap to the Cloud
The recent Ashley Madison hack is just one in a long line of data breaches experienced by companies that are supposed to be dedicated to information security. These days, with a higher reliance on cloud storage and increased privacy regulations, the risks of a security breach are high and the penalties stiff.
No carrier wants to open themselves up to the bad press, expensive penalties, loss of reputation and customer attrition that a security breach brings. Thankfully, developers are doing their best to keep up with hackers by creating security systems that tighten the authentication, authorization and encryption processes so hackers are less likely to breach them.
Still, if you don’t know how to evaluate the security standards of the technology you put in place, you could be opening yourself to a hack and all it entails. Hackers are very smart and very determined.
While data security is the issue, it’s become an issue mainly because our storage needs have grown so large that many rely on cloud-based storage more often to reduce costs and increase efficiency. By far, one of the biggest concerns insurers have is whether to choose a public cloud, where data server space is split up amongst multiple clients, or a more expensive, private in-house solution.
Let’s take a more detailed look at the differences between cloud storage and a datacenter.
The big advantages of cloud storage include low cost and easy setup. Maintenance is user-friendly, as little support is needed. Since there’s no need for a dedicated infrastructure, the cloud is very flexible.
The disadvantages are significant. It’s difficult to monitor data access and challenging to integrate with existing storage management systems. There’s little support for traffic shaping. You’ll find it difficult to track physical file location, which in turn makes it harder to comply with government regulations about private and sensitive data.
Some storage providers offer a disaster-recovery plan but this might not help if the storage provider goes out of business.
No matter how good your cloud provider is, it’s always less secure than an in-house solution.
An in-house installation gives you complete control over your hardware and software. This in turn lets you control the security policies you implement. It allows traffic shaping; that is, you can set preferential traffic for certain applications and/or users.
Since you own the hardware, you’re guaranteed to have enough capacity, and you can make expansion plans more readily. Even if the datacenter provider goes out of business, you should be able to recover from a disaster.
Finally, there’s the potential for greater power efficiency through specialization. Machine power consumption can be tailored to accommodate the specific task.
Cost is the biggest drawback of a datacenter. It requires a high initial investment, and operating and maintenance costs are higher than the cloud’s costs. Geographic expansion may be limited.
And, compared with the cloud solution, connectivity options may be limited. This can be mitigated, however, by using several locations and/or an ISP.
Look Before You Leap
Public cloud storage systems offer an affordable, practical option for many carriers and agencies—but not every system is created equal. Before signing a contract and moving your data, find out if the service provider has:
- A disaster-recovery plan. This will help you understand how the service provider plans to manage and protect their own data centers during a catastrophe so that your data is safe, backed up and accessible.
- Necessary industry compliance certifications. Complying with HIPAA regulations is vital, and you want a service provider who understands that.
- An end-to-end encryption policy. This will reduce data breaches during file transfer by allowing only the recipient to decrypt the data, so intercepting parties can’t read it.
- Reasonable caps for damages that occur as a result of a breach.
Whether you decide to use a cloud storage provider or your own datacenter, you will only be as secure as your weakest link. The most common Ashley Madison password was 123456—not exactly a smart choice for people trying to hide extramarital affairs!
Obviously, employers need to make sure their employees are choosing difficult passwords and changing them often, while being aware of the risks in using an offsite, public network to access and review sensitive information.
What is your organization doing to protect itself from data breaches?