Anyone considering cloud computing and data security has to take pause at the colossal mistake at Microsoft/Danger over the weekend.
There’s no getting around that customer data was being stored in the cloud and it has disappeared, likely forever, so this is a cloud security issue.
While this is not the type service that businesses are likely to use, it still offers a lesson for businesses attracted to cloud services. That lesson is this: investigate the provider’s infrastructure.
The problem with the backup served by Danger to users of Sidekick phones has led to a big black eye for both Sidekick and T-Mobile, which provided the Danger service. Certainly they didn’t want their reputations undermined this way, and neither do the cloud providers businesses are likely to engage. But it happened.
If cloud storage is being used by a business, that business has to treat it as if it is its own, with concern about its architecture and how that architecture will insure availability and data integrity.
The Cloud Security Alliance has a working group looking into the security issues with cloud storage, and here is a list of questions it poses and that businesses should answer before signing with a provider.
= Do you know how your storage provider plans to ensure that your data is still reliable and available when your business needs it?
= Will you and your customers be able to trust the promises that all stored private and confidential information is protected?
= Does the geographical location of where the data being processed and stored matter?
= Is your data being securely stored and kept separate from the other residents in the data storage farm?
All the answers should be yes.