Security Think Tank: Firms must take responsibility for security in the cloud

How can businesses make use of free or low-cost cloud storage services aimed at consumers, but ensure that their data is safe and secure?

Companies such as Microsoft and Google are offering the home consumer great deals on cloud storage these days. So can small and medium-sized enterprise (SME) use these offers with confidence, will their data be safe and secure?  

Being a security professional, I take the suppliers' statements of data security with a large pinch of salt, but there are things that can be done to improve the situation. 

The first thing to realise is that a glitch in the cloud can cause your data to disappear forever (this has happened) so why not store your data on two clouds with different suppliers.

If you are paranoid, then snapshot your data at critical times (quarter end, year end, for example) and store to a CD or DVD which can be located away from your place of work (at home or the bank, for example). 

To ensure your data cannot be read, even if a cloud is security breached, encrypt the data. There are a number of good products available, both commercial (Winzip, PGP, for example) and open source (such as TruCrypt). 

What I have talked about here is using cloud offerings to store data, but if you wish to process data in the cloud, then data stored in the cloud encrypted will have to be decrypted in the cloud before you can process it, which does raise the possibility that it could be read. A small possibility, as hopefully your data will only be in clear text whilst you process. But it is a matter of taking a clear view of the risks. 

Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

Read more on Cloud security