Cloud Storage Security: Are You Doing Your Part?

  • natalie 94203

    Grasshopper

    Points: 18

    Comments posted to this topic are about the item Cloud Storage Security: Are You Doing Your Part?

  • Gary Varga

    SSC Guru

    Points: 82166

    I am sure it is happening in some sectors but I have yet to see a movement to the could for data hosting by a corporate client of any significant size. Even so, thanks for the editorial highlighting important, sometimes missed, considerations.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • chrisn-585491

    SSCoach

    Points: 15866

    Certification of third parties are worthless. Target (the retail corporation) had certifications.

  • natalie 94203

    Grasshopper

    Points: 18

    I would agree only to the extent that a certificate doesn't always mean value. However, certifications that are from authoritative sources do count for a lot.

  • Johan Tiberg

    SSC-Addicted

    Points: 472

    The editorial forgets about that there are more programs than PRISM (what about xkeyscore, bullrun etc...) do get copies of your data. The big providers have been shown to provide direct access to their stored data, how does encryption helps in that case, unless the data is stored encrypted all the time like kim.coms new service. But that is not practical for regular databases, only perhaps for files.

    How do you protect yourself from future regulations, most probably there will be government decrees that they need access to the data (for security reasons of course), and at that point its to late to switch to another system, and yet again keep your own data as it is used to be.

    How naive are people these days to fall into this trap? Maybe people starts to wake up, thats the real reason for the growing resistance... 🙂

  • natalie 94203

    Grasshopper

    Points: 18

    There are already US laws that force providers to comply with warrantshttp://www.cloudwedge.com/2014-us-cloud-providers-suffer-major-legal-setback/"> http://www.cloudwedge.com/2014-us-cloud-providers-suffer-major-legal-setback/ .

    Yet, there are a number of providers (like SpiderOak) that do not store a users key on their server, and therefore do not have access to a users account. Those providers are unable to grant access to the government beyond the often-times 'triple layer' encrypted versions. A user has to be a pretty serious threat to the government to warrant them attempting to begin decrypting their files...

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply