Embracing The Cloud: Securely

Whichever way you look at it, the notion of cloud computing appears to be the logical, if not miracle, solution for end users who want to access their files irrespective of location, device, or time of day, and for business owners who want to cut costs and complexity. 

The concept is desirable, its implementation is straightforward, experts believe it is the future of IT, and yet there hasn’t been the universal acceptance that one might expect.

Life on cloud nine

The choice of cloud service models on offer is wide and, between them, the benefits can mean a reduction in IT staff and capital expenditure, payment only for the capacity used, an instant scaling up (or down) of usage according to need, automation of tasks like backups, faster development of new apps, no tedious and time-consuming management of software licences, upgrades and updates…the list goes on.

What’s not to like? Using the cloud really does seem like a no-brainer, so why hasn’t every business made the switch?

Fears over safety

Whilst the obvious benefits are leading to an increased adoption of cloud technology, one of the principle reasons that is holding some business owners back is a concern over security. They wonder just how safe the cloud is, and fear that their data will be compromised.

This fear has been fuelled by highly publicised incidents like the Jennifer Lawrence et al case last year when nude selfies were stolen from Apple’s iCloud storage area. As it happens, it wasn’t the iCloud itself that had security flaws; hackers had guessed the affected celebrities’ passwords and simply signed in as them.

On the cloud without knowing it

It is right to be concerned about potential security breaches; they can have crippling consequences both in financial terms and loss of reputation. But the irony is, the naysayers to the cloud are probably already using it – and insecurely at that - without realising it.

For a start, think of all those spreadsheets sitting in Dropbox: there’s nothing wrong with Dropbox security as such, but last year hackers gained access to Dropbox accounts after stealing LinkedIn logins and testing them out in Dropbox.

And what about employees who use the Notes section on their phone? Many probably don’t realise that they are automatically backed up to the cloud unless the device’s relevant settings have been turned off.

And again, what about sensitive data sitting in employees’ email accounts on the cloud? Like when they email themselves passwords so they can access corporate applications at home.

The solution to security fears

For those who fear the cloud, let it be known that there is a way to use it securely: data encryption.

But what exactly is it?

Encryption converts readable data (plaintext) to unreadable data (ciphertext) using an algorithm (set of rules) whose precise output is determined by a ‘key’. Decryption is the reverse process and also uses an algorithm and key. The term ‘cipher’ applies to the pair of encryption/decryption algorithms.

Encryption: go figure

For a basic illustration of the mechanics, we might want to encrypt the plaintext “The recipe for Joca-Cola is”. We could choose the letters Z, D and F as a 3-character key and write an algorithm which says (in our plain-English computer language!) “For each letter of the plaintext, multiply it by the first and third letter of the key, then subtract the second letter”. The output would be a scrambled version of the plaintext i.e. ciphertext. Et voilà! 

Unlike this simplistic example, modern encryption technologies apply complex algorithms using long key phrases. By doing so, they take the cracking of ciphertext beyond the workings of a clever chap with a sharp pencil on the back of an envelope, to something that would take a supercomputer millions of years.

Client-side encryption

Whilst the act of encrypting data doesn’t, in itself, stop the data from being stolen, it does render it useless to unauthorised parties – the ones who don’t have the key.

As not even your service provider should know the key, it’s important that the key itself is encrypted and that your data is encrypted before transmission to the cloud. Check before you sign up: any service provider worth their salt will be doing client-side encryption, leaving nothing to fear about security.

Silver linings

Cloud computing with secure data encryption lets business owners and their IT teams focus on applications that have direct business value, without being burdened or distracted by having to manage data.

It’s not something to fear, it’s something to embrace.

If you are worried about your organization being the victim of a hacking incident, check out our free guide on How to Protect Your Company from being Hacked.