True or false? When you share your information with a public cloud service, you give up “ownership” rights to that data? Well, as some Twitter users can tell you, when an official legal request is involved, that statement is definitely true.
During the first half of this year alone, Twitter received 679 legal requests for user information – and ending up releasing the data 75 percent of the time. Begging the question: when you partner with a public cloud provider, is the information you make “public” rightfully yours?
But, even more importantly, to all IT executives out there, do you know where all of your data resides? It seems the majority aren’t quite sure. According to 2012 survey by Varonis, 67 percent of IT executives do not know where there data is and 74 percent don’t have a process for tracking which files have been placed on a third-party cloud storage server. So, if your cloud provider were to get compromised, you wouldn’t know which documents were at risk – a scary predicament, and a tough one to explain to the boss.
Most of our customers tell us that their data is the lifeblood of their businesses, so why hand over control of that information to anyone else? What many organizations are realizing is that when enterprise documents are stored or shared via a public cloud vendor, the vendor owns the keys to the data – the encryption keys, that is.
This is a showstopper, because it means IT surrenders all control over protection of their corporate jewels. He who owns the keys controls how information is accessed, by whom, and from where. If the keys were to be compromised (a real possibility given recent breaches of public cloud vendors as well as security vendors), your private data could become public in the blink of an eye.
I’d imagine you’d like to keep much of your private corporate data exactly that: private. So, make it a priority to know where your data is, how it could be used and the associated risks.
It’s your business, or kingdom, if you will. Insist on owning and protecting its keys.