Is your data safe in the cloud?

The use of cloud services is slowly becoming commonplace. Especially for non-mission critical applications like email the use of cloud services could be interesting. But what about the security of your data in these cloud email services?    

Almost all email infrastructures in business are similar. Email is not distinctive and are therefore often regarded as a commodity. But an email infrastructure is not as simple as it seems. End users want to read and edit their email in many ways and places. Processing email is often not only done from the workplace, but also from home, at customers or through a mobile phone. Email should therefore be accessible through various channels, and outside office hours. Companies must implement their email infrastructure accordingly. Another email phenomenon is spam. More than 90% of all email in the world is spam. Email administrators must implement adequate measures to prevent spam. Scanning email for viruses is also a system manager's task. All in all a lot of work for an email service that can be seen as a commodity.

An alternative is to us an email service from the cloud. The costs of using cloud services is generally much lower than maintaining an email infrastructure in-house. The reliability is high and management is taken care of. Especially for small businesses and start-ups using cloud based applications can be very attractive.

There are several providers of cloud based email services. Well known are Google's Gmail, Microsoft (Hotmail), but there are also many smaller providers active in this market. Google offers Gmail services for end users but also email services for businesses. There are 400,000 businesses using Gmail already.

It is important for companies to verify how security of data stored in the cloud (such as business-critical information in emails) is implemented. Before doing business with a cloud provider the contractual conditions should be checked. Some points to observe are:

  • How does the cloud provider guarantee that data is securely stored and that no other persons or parties can access your data (do not forget to include the physical security of the data centers, is this audited by a third party?)
  • How is it ensured that no data is lost, destroyed, etc. Is it possible that you - or an external party assigned by you - perform an audit at the cloud provider?
  • What happens to your data when the cloud provider goes bankrupt, gets acquired or if the service is no longer offered?
  • Where is your data physically stored? On U.S. servers? Is the data under U.S. law (such as the Patriot Act and SOX)?
  • What is the exit strategy if you decide to move your data from one cloud provider to another? Is this allowed?
  • In what format will you get your data back in such a case? Is the data in the cloud provider to actually destroyed? Can this be checked?

All valid points I think. But the big question is: Who really asks these questions to the cloud providers? I expect most companies that use cloud services (often for financial reasons) do not address all points above.

Or did I miss something?

This entry was posted on Sunday 11 April 2010

Earlier articles

The cloud is as insecure as its configuration

Infrastructure as code

My Book

DevOps for infrastructure

Infrastructure as a Service (IaaS)

(Hyper) Converged Infrastructure

Object storage

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

Software Defined Storage (SDS)

What's the point of using Docker containers?

Identity and Access Management

Using user profiles to determine infrastructure load

Public wireless networks

Supercomputer architecture

Desktop virtualization

Stakeholder management

x86 platform architecture

Midrange systems architecture

Mainframe Architecture

Software Defined Data Center - SDDC

The Virtualization Model

What are concurrent users?

Performance and availability monitoring in levels

UX/UI has no business rules

Technical debt: a time related issue

Solution shaping workshops

Architecture life cycle

Project managers and architects

Using ArchiMate for describing infrastructures

Kruchten’s 4+1 views for solution architecture

The SEI stack of solution architecture frameworks

TOGAF and infrastructure architecture

The Zachman framework

An introduction to architecture frameworks

How to handle a Distributed Denial of Service (DDoS) attack

Architecture Principles

Views and viewpoints explained

Stakeholders and their concerns

Skills of a solution architect architect

Solution architects versus enterprise architects

Definition of IT Architecture

What is Big Data?

How to make your IT "Greener"

What is Cloud computing and IaaS?

Purchasing of IT infrastructure technologies and services

IDS/IPS systems

IP Protocol (IPv4) classes and subnets

Infrastructure Architecture - Course materials

Introduction to Bring Your Own Device (BYOD)

IT Infrastructure Architecture model

Fire prevention in the datacenter

Where to build your datacenter

Availability - Fall-back, hot site, warm site

Reliabilty of infrastructure components

Human factors in availability of systems

Business Continuity Management (BCM) and Disaster Recovery Plan (DRP)

Performance - Design for use

Performance concepts - Load balancing

Performance concepts - Scaling

Performance concept - Caching

Perceived performance

Ethical hacking

The first computers

Open group ITAC /Open CA Certification

Sjaak Laan

Recommended links

Ruth Malan
Gaudi site
Esther Barthel's site on virtualization
Eltjo Poort's site on architecture


XML: RSS Feed 
XML: Atom Feed 


The postings on this site are my opinions and do not necessarily represent CGI’s strategies, views or opinions.


Copyright Sjaak Laan