Cloud Storage: An Overview and the Security Risks

Brian Grublis, MCSE, MCTS, IT Director

What is Cloud Storage and What are the Benefits of this Storage Method?

Cloud storage is a computing model in which data is stored on remote servers accessible from the internet, or "cloud’ and maintained by a cloud storage service provider on servers that are built on virtualization techniques. By keeping documents and files in the cloud, users have the benefits of anywhere access, improved sharing capabilities, enhanced productivity, and a reduction on local storage requirements. With cloud storage, users can access files from virtually anywhere, from a smartphone on a train, from a tablet while working out of a home office, and from a laptop at a hotel during out of town business travel. Additionally, any type of file can be saved and accessed including word documents, PDF’s, spreadsheets, photos, and other digital assets.

What Type of Cloud Storage System should be Selected?

The type of cloud storage an organization selects should depend on the kinds of files they store, how much security is needed, whether the organization plans to collaborate on the documents/share files with other people inside and outside of the organization, and which devices can be used to edit and access the files. The type of cloud storage system selected may also depend on users’ comfort level with computers in general. Some services are extremely user-friendly, while others offer advanced customization for more advanced level users that may not be as user-friendly.

Unique Attributes of Cloud Storage

The ideal cloud solution for your organization will be one that ‘communicates’ effectively with your other applications and services. You will want your other software and applications to be able to retrieve and access your files, so it is critical that you select a service that works well with your other tools and programs.

Cloud based storage services boast a wide range of capabilities, with many of them specializing in specific areas. For example, Dropbox and SugarSync focus on keeping a synced folder that is accessible from everywhere. SpiderOak emphasizes security. Other services, such as Apple iCloud, Google Drive and Microsoft OneDrive offer folder and file syncing, but also media-playing and device syncing. These products also offer collaboration capabilities, offering real-time document coediting. Most cloud services also offer some level of backup protection as any files uploaded to a cloud service are also protected from disk and physical site failures, since there are redundant copies of those file in the cloud. Some services can back up all of your computer's files, not just those in a synced folder structure. With syncing, users select the documents they might need and keep them in the cloud for easy access. With backup, users select everything they think they might regret losing.

Free Versus Paid Storage

Typically, a cloud storage service offers a free account with some storage limitations, such as the amount of storage they provide or a size limit on files you can upload. Services that offer some level of free service rather than a time-based trial subscription may be more appealing as an organization will have the flexibility to fully integrate a service into its current setup while getting a feel for how it works, and how well it ‘plays’ with their current setup, at no cost.

There are many other reasons to pay for cloud storage, from getting a lot more space to having the flexibility to upload larger files. Other benefits of paying for cloud storage often include increased access to file-version history which allows the user to restore older versions of documents, more security, and more customized features for collaboration and working with teams.

What Can Go Wrong in the Cloud

Sometimes organizations will look to a cloud-based service to save money, perhaps by reducing the in-house IT staff and infrastructure without considering the wider issues involved by making that decision. For example, deficiencies in the in-house IT design and configuration can be exported to the cloud, where lack of preparation costs money. A potentially minor issue with in-house storage can become a major concern in the cloud. Before an organization considers cloud-based storage it should assess the following:

  • Have the organization's storage needs been fully evaluated before moving the data?
  • Could simply re-organizing the data internally save as much or more money?
  • Could you have made better use of existing hardware assets before eliminating them?
  • Has the residual value of existing hardware assets been taken into account when evaluating cloud storage?

Once in the cloud, data will still need to be appropriately and safely managed. Unless your IT Department proactively stays on top of monitoring and managing cloud-based data, there is a danger that, in the event of problems, users could potentially bypass your IT Department and contact the cloud provider directly to resolve issues, or even attempt to correct them on their own. This would weaken your organization’s ability to effectively monitor the cloud-based solution and make valid cost-based decisions about data placement and strategy.

The key to mitigating the risks mentioned above is effective preparation. Your organization should reference all the data to be transferred, plan the topology or ‘map’ of how data will be organized and who will have access to that data in the cloud before it reaches the cloud. Your organization should know which exact data is going to the cloud, which data will be held in-house, and how data will be managed. Don’t plan to make these decisions after you have already begun your data migration.

The decision to purchase a cloud-based storage service is an important decision and a costly one. Your storage service provider should match your needs and requirements and also be in line with your risk profile and size of your organization. If the provider is a massive corporation, a medium sized organization will fall closer to the bottom of its priority list. However, if you are a larger entity working with a smaller provider, you run the risk that the provider may not be in business for the long haul and may not be able to deliver all of the services at the reliability levels that you require.As a due diligence process, it is recommended that you check how much recent downtime a provider's services have suffered and how accessible your data will be (the correct answer should be “the five nines” meaning 99.999% uptime). If you are not satisfied with the answers to these questions after you have performed your due diligence, it is best to look elsewhere.

If your aims and objectives are not being met during a contract, you can, if necessary, select another provider. The contractual terms need to be right, and an organization will need a watertight means of extracting its data in a manner that allows it to transfer it to another provider or return it to in-house systems. The key feature in any contract you sign is the ability to change service plans quickly and easily without financial penalties.

You should be fully aware of what is covered in your contract and what isn’t. For example, backup and encryption services may not be covered; therefore, you should make provisions for those services through an outside provider or through your internal IT Department. The costs of cloud storage can add up over time to be higher than local storage. However, factoring in benefits such as universal connectivity and flexibility could mitigate these costs.

Providers can also suffer power outages; every major provider has done so. Outages are among the risks an organization trades off against the savings and other benefits cloud can deliver. You should perform detailed research regarding the provider's policies and procedures aimed at preventing these types of occurrences. You should never assume the provider has taken control of your data in the event of an outage or network shut down. Ultimately you are responsible for your own data.

Sufficient bandwidth is critical when moving data into the cloud. Your organization will need to evaluate its bandwidth requirements based on a continuous stream of data in both directions. Larger organizations may need to migrate to a higher tier of their network provider's service plans. In addition, the storage provider's network ideally needs to be at least as fast as your upload speed, and preferably, with additional capacity.

How Secure is your Data when Stored in the Cloud?

To ensure that only individuals authorized to view data can do so, data stored in the cloud must be encrypted. The cloud storage systems encode each user’s data with a specific encryption key. Without the key, the files look like gibberish – rather than meaningful data. If the cloud storage provider doesn’t offer any built-in mechanism for the encryption of data and communications (which most do) make sure that your organization has an encryption key management strategy. For example, knowledge of how the data is encrypted should not lie with just one individual (in case the person departs the organization and they take this knowledge with them). Who should have control of the key? It can be stored either by the service itself, or by individual users at your organization. Most services elect to keep the keys themselves. These services also access the key when a user logs in with a password; thereby unlocking the data so the person can use it. This is much more convenient than having users keep the keys themselves. However, this method is also less secure as if someone else has possession of the keys they might be stolen or misused without the data owner knowing. Also, some providers might have deficiencies in their security practices that leave users’ data vulnerable.

A few less popular cloud services require users to upload and download files through service-specific client applications that include encryption functions. This lets users keep the encryption keys themselves. However, for that additional security, some functionality is lost, such as being able to search among cloud-stored files. No service will be 100% perfect or risk free as there’s still a possibility that their system may be compromised or hacked, allowing an intruder to read files either before they’re encrypted for uploading or after being downloaded and decrypted.

In Summary

The decision to migrate to cloud storage or cloud-based services is not one that should be taken lightly. However, with proper research and planning, cloud storage will not only provide for a more resilient and reliable data infrastructure, it can also provide an environment where sharing work and collaborating with co-workers and business affiliates is more efficient and productive. Engaging with an experienced IT consulting firm like Maher Duessel, where our technology services team is aware of all the options and caveats of such a process, can significantly increase your organization’s level of satisfaction in transferring its data to the cloud. Consulting with our firm will also eliminate the unnecessary stress and burden on internal staff who are less familiar with the realm of cloud computing.

Connect With Us

Stay Connected!

Sign up to receive information on the latest government and non-profit industry insights, firm news, and upcoming events & seminars.

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.