The consumer cloud storage market is undergoing significant change, with Tencent currently offering up to 10TB of free storage, and other providers such as DropBox and Microsoft SkyDrive increasing the free space they offer their customers. Should businesses take advantage of this free storage?
The answer, from an Information Security Forum (ISF) perspective, is a qualified "yes". We have examined the security and privacy issues of using cloud service providers – and of suppliers in general – and our findings can be applied to any cloud service (free or not). Our findings include:
- No matter what the service is, take an information-led, risk-based approach. Start off by identifying the information you intend to place in cloud storage, the risks and impacts associated with a compromise of that information, and any legislation or regulation that applies to the information you wish to store in the cloud;
- Understand who and what the cloud service provider is, where it is based and what it is offering (free isn't always free);
More from the Computer Weekly Security Think Tank on free or low-cost cloud storage
- Train the user. Users should be made aware of how to use the storage and any apps or devices (eg smartphones and tablets) that can access the storage in a secure manner. Importantly, educate users about what information can be stored in the cloud.
Underpinning the risk-based approach should be an implemented information classification and handling scheme in place, detailing how information should be classified and whether it can be stored in the cloud.
Adrian Davis is principal research analyst at the Information Security Forum (ISF).
This was first published in September 2013