SECURITY Cloud Data Storage And File Security

The internet has become a common thing in companies’ lives. The enormity of dedicated services, fast transfers and increasing mobility go hand in hand with a change in the attitude of companies towards their activities online. More and more also don’t see a problem in storing their files in the cloud.

Despite the widespread warnings about privacy breaches by FaceApp, millions of users still voluntarily uploaded their photos to the servers of the Russian provider – as it turned out later, a source that ultimately proved safe. Does it mean that today we are more willing to entrust our data to others than just a few years ago, even at the cost of security? Perhaps, we have too few tools to comprehend the mass of information that entangles us and we simply give it up for the sake of functionality. But one more conclusion comes from this. Clouds and cloud-based services simply take good care of their users’ data. Top security has become a standard, which is a response to their immense popularity.

Almost everyone uses Google’s mailbox today, which offers its own cloud-integrated drive. Using such an account for professional purposes also has become a norm. Companies use the power of Google not only to store sensitive data in the cloud, but also to conduct their daily activities with it. Is such a solution really as safe as they assume? We constantly hear that there are no safeguards that cannot be broken and any information placed on a foreign server can be stolen. However, this statement is rarely confirmed. Practice shows that the weakest link is neither the service, nor its provider – which are usually strongly secured – but user’s carelessness and their own device connected to the cloud. Software hygiene and attentiveness are our greatest allies when it comes to preserving the company’s peace of mind. But let’s start from the beginning.

Cloud-storage means storing data on an outsourced server. In other words: an external drive which is constantly available online. Instead of saving files on home devices or sending them via email, we can store company data on a server of a selected provider and create data repository there, that we and our colleagues can exclusively access at any time, sharing files and collaborating on documents. The change in the way we work globally, especially in the IT sector, to a more flexible and remote model has reinforced that shift in a natural way. The cloud helps save costs of server protection and servicing. In addition, there is an option for more cautious entrepreneurs of creating a private cloud that includes the placing of physical servers in the enterprise premises or the use of hybrid solutions. There is perfect product for everyone.

• The highest standards of data security
• 24/7/365 availability from anywhere on any device
• Cost saving while maintaining maximum protection
• Basically unlimited storage capacity
• Data is processed by an external server, which relieves local hardware
• User-friendly interface and fast transfers
• Pricing can be adapted to company’s needs
• Backup in the event of server failure, accident or natural disaster
• Theft or destruction of a physical data medium is virtually impossible
• Technical support and additional legal protection
• Constantly updated software that prevents exploitation of code vulnerabilities
• Fostering users’ good information protection practices

It is worth saying it once again: storing data in the cloud is safe. Such a solution is convenient because loading files is often made with a friendly interface, it streamlines the filesharing process, facilitates cataloging and browsing of documents and, above all, it protects company data extremely well. As the issues of data security in the cloud are constantly raised, which might be considered a positive thing, because ultimately it is not the entrepreneurs but service providers who have physical access to servers, companies should choose well-known providers. Before choosing a supplier, it is also worth making sure that our data will be processed in accordance with the GDPR/DPAs’ regulations. Storing company records on a server that does not apply these regulations may pose a threat of privacy violation.

On the other hand, as force majeure comes into play, there is always a risk of accident or a natural disaster, which can destroy the servers with our data. There can never exist a situation in which we can rule out the risk entirely. These, however, are extreme cases, which can happen to our company hardware all the same. The difference is that cloud providers use much more sophisticated protection methods and strict procedures in the event of situations that threaten our data. They usually have several data centers located hundreds of kilometers away where backup copies of our files are stored. Therefore, files are protected to the maximum extent as they can be restored in the event of server failure. A company PC simply cannot boast of such a range of preventive measures. This is why it is important that our supplier is trusted and proven. It is better to choose a more expensive offer and be sure that our data is safe.

Anything else that matters? Plenty, actually. Cloud providers use firewalls that can monitor the packets sent, who the sender and recipient are, the integrity of individual packets, mapping their content for known threats and more. An accurate log file is also kept, which provides field for analyzing network traffic. They allow to anticipate and prevent situations that pose a potential threat. Providers can also set different types of limits to prevent, for example, full access to files when someone’s account has been logged in by an unauthorized person. The server rooms themselves also have purely physical protection: guards, monitoring, access levels, retina scanners and security systems that can evoke the setting of “Mission Impossible”. Audit institutions, international legal regulations and clients, whose opinions significantly influence the way our data is handled, also serve our company right.

There is one more key element – encryption. Data encryption in the cloud involves specialized complex algorithms to encrypt users’ information. Data owner must possess a key to read them. Without the key, an attempt to decipher data stored in the cloud would require the use of specialized tools, enormous computing power and a lot of time – we are talking about hundreds of years, including technological progress and the involvement of quantum computers. The result is simply not worth the effort. To increase data security in the cloud, the encryption process often takes place already at user’s computer with the use of dedicated uploaders. This is one of the best security solutions we have at our disposal.

It is an unfortunate, though, that despite all the safety measures we can take, cybercriminals can still access company files by guessing passwords, security question, or hacking into a company’s inbox only because its administrator downplayed the seriousness of the problem. Nevertheless, the currently used safeguards help us take care of password hygiene and facilitate the process. Many of the most popular websites, such as Google, Microsoft or Amazon, have the highest quality security both for consumer use and for processing sensitive business data. They play their part well, provided that the user knows how to ensure access security and has created a strong password, for example using KeePass. Fortunately, suppliers commonly use the strong password policy. The system will simply not allow the user to set a simple and easily guessable password. The account can be additionally protected by two-factor authentication, fingerprint lock, automatic password change, seed keys, and other means, allowing owners to restore deleted accounts or recover a password that somebody else changed.

If our company uses cloud storage services, we must always remember to use proper file handling procedures, which is particularly important in the case of sensitive data. For additional protection, it is recommended that employees themselves encrypt files using their own software before loading them to the cloud. They should also make sure that the level of security of company internet connection is right and get accustomed with the phenomenon of phishing – cybercriminals posing as a person or entity we personally know or trust in order to intercept our account credentials using false emails, websites and other methods. It’s phishing, not security holes in data services, which is the most common reason behind a breach into our account. We advise that your company knows that term well.

Make sure that employees in your company:

• Use strong passwords and additional access protection methods
• Do not store passwords in visible places (the case of “a sticky note on the screen”)
• They know what phishing is – it’s the most popular type of cyber attack!

Virtual Data Room solutions are also an alternative. In addition to utilizing security means that are at the electronic banking level, they also have a dedicated support service that supports work with files at their disposal. It is the best business tool used to send and view confidential documents, especially in the M&A sector. VDR allows to grant individual rights to users easily, and access to it is only possible if a person has received a link to the data room from the administrator. The platform also has an advanced system of reports on who logs in, shows which files are browsed, what IP addresses are use and other features. As FORDATA, we offer the highest level of data security, compliant with ISO 27 001, and we apply strict internal standards while handling the files. Find more about it in the article “Virtual Data Room: Everything You Need To Know”.

We already know that on one hand a cloud account means convenience and wide possibilities of performing file operations in a company. On the other hand, we want to believe that data security in the cloud is high, while its penetration will not dramatically affect the functioning of the company. In such a landscape, user awareness is of utmost importance. It is still mainly up to us how we will use the undoubted advantages of storing files in the cloud and whether we will provide our company with adequate protection. This is something we always need to remember about.