Lieberman Software just released a study claiming that 48 percent of IT and cloud experts fear government snooping in the virtual environment.
Philip Lieberman, Lieberman Software’s president and CEO, stated that the key issues for these experts were data security, cloud legislation and government surveillance.
“IT managers do not want governments snooping around in their corporate data. If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them with access,” Lieberman explained.
“This means there is very limited privacy in cloud environments. IT managers know it is much easier to hide data within their own private networks.”
The experts also have other suspicions about the cloud environment. Eighty-eight percent of them believe their organization’s sensitive data is vulnerable to loss, corruption or unauthorized access in the cloud. Almost 86 percent wouldn’t trust the cloud for storing their most sensitive organizational data.
Additionally, 51 percent don’t even trust the cloud for their own personal data.
Benjamin Robbins works as a principal at Palador, a company providing enterprise solutions and strategic initiatives for app development, data security and mobility. In an article he wrote for The Guardian, Robbins made several recommendations for keeping data secure in the cloud.
The most important thing companies must do is encrypt their data, using HTTPS or SSL encryption, during both transfer to the cloud and storage. Data should also be encrypted in the organization itself and in offsite backup locations.
Robbins also says usernames and passwords, instead of being tied to individual parcels of data, should be administered through a single central store. Enterprise-class SaaS should integrate with sign-on standards like Security Assertion Markup Language (SAML), Federated Active Directory (ADFS) and OpenID.
Any cloud solution company should offer regular security audits that are immediately accessible. This availability means that businesses can see edits, shares, deletes and failed access attempts to retain oversight of data.
Data storage facilities must have tight physical security. Equipment should be locked in racks, cages or vaults.
Robbins also recommends access control and onsite monitoring with biometric access.
The facilities should be subjected to ongoing third-party testing such as SAS 70 or SSAE 16 audits as well. They should also have very clear procedures in place in case the facility experiences a data breach.
None of these procedures are sufficient to prevent legal government access to data, but they can ease IT workers’ minds about transitioning into the cloud.