This is an excerpt from the draft of the 2nd edition, “A Primer on Electronic Security for Schools, Universities & Institutions”. Readers are asked for their comments and viewpoints surrounding this snipet.
Tangets and offshoots to this topic are welcome.
Online Storage & Cloud Computing
Online cloud computing (where the actual programs reside offsite) and online storage solutions have entered the security marketplace. These developments have proven to be highly successful & cost effective for general business operations but have not been rapidly embraced by security applications due to concerns over security of data, potential loss of data, and business continuity should the cloud be inaccessible.
At first glance, online storage from providers such as Amazon & Google are enticing with very low cost per gigabyte. Constantly streaming video creates high bandwidth demands which are too costly for most school environments.
In addition to bandwidth constraints, access to security related data online is a concern. The following excerpt from FBI Cyber Publication outlines some of these security concerns.
“As the cost of storage continues to fall, more options are available for people to utilize on-line Internet resources to store their personal and business data. Service providers offering these services provide convenience and transparency for little to no cost. While everyone is responsible for their own personal non-business related data and can select any online storage solution they feel comfortable with, this is not an option with many businesses.
Understand that when you save business related company data to a non-company approved solution, such as an on-line storage service provider, you may be putting that data and your company at risk. There are several risks associated with using a non-company provided solution or service. These risks include the basics of information security—CIA, Confidentiality, Integrity and Availability. Some questions and serious concerns include:
Will the service provider properly protect your data?
Who has access to your data?
Is the security sufficient to prevent others from cracking my password?
Will the data be protected from damage should the service provider have technical issues?
Who has control of the backup and where is that data stored?
What if I need support?
What if I’m required to submit files as part of a legal action?
Since there are many security questions and risks associated with personal on-line storage solutions, businesses should not allow employees to use these services and providers for work related data. Only company authorized solutions that have been evaluated and tested should be used for business related activities.”