How to keep the NSA out of your company’s data

nsa

 

Who’s in the driver’s seat on your cloud strategy? Bob from marketing? Lisa from sales? It sounds ludicrous, but it’s an unfortunate reality.

Today there are a lot of employees back-seat driving cloud corporate strategies by subscribing to public cloud solutions without IT’s knowledge.

This means that proprietary corporate documents – such as confidential design specs, sales numbers, and business strategies – are being shared and stored without proper security controls.

The recent NSA PRISM revelations demonstrated just how little control public cloud providers have over government access to hosted data, which has reinvigorated an important conversation about the security merits of private versus public cloud strategies.

For me, the debate boils down to one word: control. How much control do you want over your data? There’s no one-size-fits-all approach to cloud computing – what’s right for one organization might not be right for others.

It depends on the type of information you’re managing and how confidential it is; your organization’s security policies and whether or not you need to monitor and report on where information is going; and whether or not you’re governed under industry regulations like HIPAA that dictate where and how you store information.

With a private cloud strategy, you call the shots. You get an infrastructure that’s operated just for you and you set the terms of service, as well as decide where the data lives. You know that your organization’s information is only being accessed by authorized users.

While a private cloud may not stop the NSA from demanding access to your information, at least with a private cloud deployment you would know that it’s occurring.

It’s that peace of mind that’s missing from public cloud solutions. With the public cloud there’s no guarantee that you retain exclusive access to data that’s rightfully yours. It’s unclear exactly where your information is being housed, and who can view it

And as a result you could be exposing your organization to potential data leaks and costly compliance violations.

So are you ready to take back the wheel on your cloud strategy? My advice: let security, compliance and control lead the way. And follow the road that keeps your data right where it belongs – in a private cloud under the control of your organization.

http://www.usatoday.com/story/cybertruth/2013/11/11/steps-to-keep-the-nsa-out-of-public-data/3497051/

Advertisements

About Gregory D Evans

Gregory Evans is one of the worlds greatest security consultants. Go to http://GregoryDEvans.com for more details.
This entry was posted in cyber, internet safety, Technology and tagged , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s