Data security within the cloud is a major concern for anyone considering whether to make the move to remote storage and management of data. With massive amounts of data stored on outside servers, transmission of data between servers, and people from all over the world accessing cloud data, the risk of your sensitive information falling into the wrong hands is definitely there. Whether the data breach is the direct result of a security lapse within the provider, a deliberate attack by someone who wants your specific data, or as the result of a glitch or other error that inadvertently exposes your data to someone else, the result is the same: your information is at risk.
However, according to a recent report by Lieberman Software, it’s not only cyber criminals that we need to worry about when it comes to the security of our data. Just about half of those surveyed by Lieberman indicated that they were concerned about the government snooping into their data in the cloud, to the point where they avoid using cloud service providers in order to prevent unauthorized spying on their data.
“But how can they do that?” you might be asking. “Don’t they need a warrant to look at my data?”
Surprisingly, the answer is no, not always.
Cloud Servers Are Fair Game to Government Snooping
In general, there are two ways that data stored in the cloud can be viewed by the government without your knowledge.
Since the 1970s, government agencies — primarily the FBI and the CIA — have been able to access private data by issuing National Security Letters, or NSLs. Originally, the letters were designed to obtain information on suspected foreign spies, but after the passage of the Patriot Act, the scope of the letters expanded to include anyone the government chose to look into. NSLs have since been sent to companies like Google, who are then forced to provide data about thousands of users of both corporate and personal cloud storage services without their knowledge or consent. In fact, companies that receive a NSL are generally forbidden from revealing to anyone that they are working with the government; talking with anyone other than a lawyer can result in fines and prison time.
But according to a recent court decision, prohibiting companies from talking about NSLs is a violation of the First Amendment, and there is speculation that the FBI could be prevented from issuing the letters any longer. But that doesn’t mean that the government can’t access your data. In fact, it’s the second means of data mining that’s of even greater concern to those considering a shift to cloud data storage: hacking.
The Foreign Intelligence Surveillance Act, renewed by President Obama in 2012, allows government hackers to view anything stored on personal and corporate American servers by foreign individuals. Anyone who uses cloud-based storage is vulnerable to this surveillance, which can take place even if there is no credible threat to national security. Currently, the law only allows surveillance of non-Americans, but the fact remains that many individuals both at home and abroad are concerned about who is viewing their data.
Protecting Your Data in the Cloud
At this point, you might be thinking “I have nothing to hide. The Feds won’t find anything on my servers.” And that may be true, but for privacy advocates and security experts, that’s not the point. IT security experts concerned about cyber-crime point out that if government agencies can hack cloud data servers, so can criminals who are hacking for more nefarious purposes.
So while a cloud storage provider can be legally obligated to share information stored in their servers, cloud customers can protect their data from unauthorized access by carefully evaluating the security solutions of cloud services providers. For example, encryption at all points is a key to protection; if a hacker can’t interpret the data, it’s all but useless to him. Advanced threat detection and robust logging and monitoring capabilities to immediately detect and block intrusions from any source are also vital to maintaining data security in the cloud.
In the wake of high-profile acts of terrorism, it’s clear that government agencies need expert tools in order to find dangerous criminals. However, until there is greater transparency among those who are accessing data, IT security professionals will remain concerned about who has access to data that’s stored offsite, and be looking for ways to protect it from prying eyes.
About the Author: Noah Gamer is a driven business leader with experience in Internet marketing, Web software development and security software. Currently, he develops Internet strategies for Trend Micro.