Cloud Storage 101

Cloud Storage 101

With today's need for more data storage cloud services are used more and more and the data and the need to secure this data is real concern for users and cloud administrators alike.  First, what is 'the cloud'?  Simply put it is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.  This means a user can store data, pictures, videos, music etc. remotely to save valuable hard drive space on their local machine.  With the amount of cloud storage available this is where a user wants to make sure their data is secure, private and will not lose data integrity.   As a home user storing personal pictures may not seem too important to keep secure but think of the businesses that rely on cloud storage to keep PII, financial records, business plans and such, they need to know the data is secure.  The threats to cloud storage are well known and include DDos attacks, permanent data loss, malicious insiders, account hijacking, and exploited system vulnerabilities to name a few.

How is this task achieved?  One way is data encryption but this is not always full proof and there can be systems hiccups that cause a decryption problem which would cause the data to be corrupt and unusable. A cloud customer should ask the provider of cloud service what measures are in effect for data security, for instances, biometrics, PIN secure location where the data is stored.  Clouds API’s and software-as-a-service are still evolving which means updates can be frequent but some clouds do not inform their customers that these changes have been made. Making changes to the API means changing the cloud configuration which affects all instances within the cloud. The changes could affect the security of the system as one change could fix one bug but create another. The customers of the cloud provider should enquire if any updates are made and should ask about what security implementations have been put into place to secure their data and what exactly has changed with the system.

A type of cloud storage is Hybrid Storage.  Hybrid Clouds use both public and private clouds within the same network. It allows the organizations to benefit from both deployment models. For example, an organization could hold sensitive information on their private cloud and use the public cloud for handling large traffic and demanding situations.  With the separating the types of data, sensitive on private and large traffic and demanding situations this is considered a safer practice for companies to use.

Many companies offer free cloud storage for their users.  Apple, Google and Drop box to name a few.  The user can purchase more storage if the amount that comes free isn’t enough.  One of the good things of cloud storage is the availability from any source with internet connection.  This saves valuable hard drive space and makes accessibility a breeze.   

When cloud storage is used its always best practice to make sure the user has a backup of all important data even though the data is on the cloud.  I would go a step further and say do not put PII or any personal data in the cloud.  Be certain when we do use cloud storage the user knows the security risks involved and knows the safe practices of the provider.

IT at the Speed of Light......

Today’s IT person needs to wear many hats to be a relevant and hirable.  Long gone are the days of only needing to be sufficient in a few areas in the IT industry.  Ten years ago this was the normal path to a solid career in IT but with the huge growth of technology this is no longer the case. 

Long gone are the days of having on certification and being able to land a primo job.  Today a person needs to be a “Jack of all trades” and a master of a few.  IT security can require the person to have knowledge with man iOS systems, devices and software. The system may be local on site or housed hundreds of thousands miles away, on a virtual machine in the cloud or an actual machine.

With the use of mobile devices this opens another door of vulnerabilities.  The average mobile device user has no clue the security risks involved with their devices.  One common mistake is the device is not password protected or use a weak password that is easily guessed.  If an employee uses their mobile device for work email or other applications and loses the device this could cause a major security risk.  There’s also the risk of using unprotected (encrypted) Wi-Fi.  An IT technician needs to have a good grasp on mobile devices and know how to configure it keeping in mind someone will be walking around with this device and could easily loose it or it could be stolen.  Knowing how to secure a virtual machine on the cloud is another area IT security people need to know and understand.  It is the security technician that is the first line of defense keeping a network secure.  Cloud storage is another security risk and knowing how to secure it is becoming more common for companies big and small.

A well rounded IT person can take care of an array of equipment, to include printers, iOS, RFID technology, scanners, mobile devices, servers, firewalls etc.  It’s no longer a singular career.  Having industry certifications can be the difference in landing a job or not.  It’s becoming more common for IT employees to hold multiple certificates with or without a 4-year college degree.    All certificates are not created equal either.  Some professional certifications require that you study hard and pass a test, others require that you have years of experience in a specific field before you can even apply to be considered. Before you decide maybe getting a certification is your ticket to a career jump or a promotion, you need to determine whether or not the types of certifications that will get you ahead in your field are the ones that require skills, experience, or just a few classes. 

The world of technology moves at the speed of light which requires IT personnel to learn and change with it.  In the field of IT its common to learn something new every day and apply it along with something you learned years ago.