Watch this week’s Tech on the Street video to learn more about the cloud, and then read our interview with Stan Waddell, Assistant Vice Chancellor for IT Infrastructure and CTO. Stan shares best practices and insights on cloud storage security.
Q: What types of information should we never store in the cloud?
A: As a rule of thumb, I tend to think in terms of individual use applications and enterprise or business grade applications. For individual use applications, my advice is not to store anything that you wouldn’t be comfortable seeing as a trending topic on a social media site. This holds true for photos, texts, email, and sensitive documents. When thinking about the business grade applications, you have to think in terms of risk to your organization and what protections are in place to prevent breaches. If the University approves a cloud system for storage of sensitive data, then sure, have at it. I will say I get really nervous about Social Security numbers in the cloud in any context. I think that’s just too risky for most use cases.
Q: What are the biggest security challenges of cloud storage?
A: In my opinion, the biggest consumer cloud security risks are exposure of private data, loss of ownership of stored data and the loss and unrecoverability of the data itself. Vendors have to go a long way to prove that they can be trusted with my critical data.
Q: What best practices do you recommend for protecting the security of our private information in the cloud?
A: If one really needs to put some sensitive information in the cloud (be that pictures, or tax returns, etc.) then encryption should be considered and the password to the encryption should never be stored in the same storage location. A lot of providers are now starting to offer two-factor authentication for their services. If it is available, try it out. It may prove easy to use and it will certainly increase the security of your information.
Q: As the University contemplates moving faculty and staff email to the cloud, what cloud security issues are foremost on your mind?
A: I worry about how well our partners will be able to protect University email from the bad guys out there. I also worry about availability. Will we be able to use our email as reliably as we do today? All the assurances from the vendor indicate the service will be secure and reliable, but I still worry.