In case anyone needed to be reminded to think about it, the US Department of Homeland Security (DHS) has declared October to be National Cyber Security Awareness Month. And the month comes with a theme—cybersecurity is a shared responsibility.
Of course, that sharing includes service providers. Again, that’s not really news. However, what’s worth thinking about is how central service providers are becoming to more and more organizations. In other words, as individual entities and as an industry, hosts are targeted more and more because that’s where important data now lives. They must be ready to respond, recover, and make sure they are up to the task.
Cloud backup and recovery is already an obvious element in any discussion of cyber security. Indeed, in a posting describing one of its reports on Cloud Computing, Gartner notes that it “has seen rapid adoption of software as a service (SaaS), early adopter clients testing infrastructure as a service (IaaS) and platform as a service (PaaS).” This posting goes on to state, “Now is the time to plan how to ensure company and customer data can be protected when public and private cloud services are used, and how security policies and architectures can take advantage of cloud delivery to actually increase levels of security.”
Nor is this optional. If your customers are subject to standards such as HIPAA, FINRA, PCI, Safe Harbor, FERPA, SOX, and GLB then so are you.
In fact, research conducted by the Ponemon Institute and Thales indicates that 63 percent of respondents say they do not know what cloud providers are doing to protect the sensitive or confidential data entrusted to them.
While many businesses have been stepping up investments to harden their own production systems, to date, few have invested in securing their cloud-based backup systems – and that presents an opportunity for service providers. Encryption; is one of the few steps that almost all security experts point to as Job One for enhancing cyber resiliency and making data theft far more difficult.
Encryption can be used to protect data “at rest” or in transit. Data at rest includes, files on computers and storage devices. Encrypting such files at rest helps protect them should physical security measures fail. Data in transit, for example data being transferred via networks also needs protection and encryption can help to secure it since physically securing a network can be difficult. Both apply to service providers.
One option is to implement the Intronis ECHOplatform, which is built on state-of-the art technology to ensure data is stored securely and reliably.
The ECHOplatform, provides military-style 256-bit Advanced Encryption Standard (AES) encryption – going beyond the 128-bit encryption often used for online banking. Likewise, communication with servers uses Secure Socket Layers technology to make sure data is encrypted both in transit over the internet and in storage at Intronis facilities.
Cyber security shows no sign of becoming a less critical issue. And, with more and more businesses willing to entrust their data to cloud providers, it makes good business sense to be ahead of the curve by making sure security breaches don’t happen to your organization.