Perhaps you too might be oblivious
New 'oblivious storage' techniques could be the answer to future cloud data security problems, suggests Darren Briscoe
What makes cloud computing so great for users is also what makes it a bad security move. If you can access your data any time you want, what's stopping others from doing the same?
The answer is "not much", if the data is valuable to the person trying to steal it.
Security experts are always banging on about encryption and firewalls and the need to add a layer of protection. But how many of us really thought about the impact of losing information?
Governments probably didn't think about it too much – until the US National Security Agency (NSA) scandal made headlines around the world.
Nowadays, you can't read the tech press without coming across a story on how to protect data. The most popular option, you are often told, is a hybrid model that mixes private and public cloud approaches.
This helps businesses prioritise their data in terms of management. For example, by encrypting and putting valuable data in a private cloud and the less important stuff on a public domain.
Is this enough to keep security breaches and data loss at bay?
According to a group of researchers for Microsoft, the answer is no. Their findings have suggested that users can encrypt data placed on a private, public or hybrid cloud, but this alone won't maximise privacy protection because the data access patterns of the users can disclose details about the content of their data.
The researchers subsequently came up with a few cool techniques that can increase the security level of cloud-based storage platforms with algorithms that obscure data sequences.
They called this "oblivious storage". It sounds like a great idea and probably the best solution around. It could also become the future of security.
Unfortunately, it also sounds rather complicated. How many businesses and organisations have the capability and expertise to implement this type of security layer, which the researchers say can work alongside existing techniques to provide "extra assurances"?
Also, when will it be available and how long will it take for an IT department to learn how to implement and manage it?
In the mean time, the only action that businesses can take is to keep up to date with security trends and not be "oblivious" to the possibility of security threats.
It's wise to expect that an attack will inevitably happen at some point, so businesses should make sure they know what to do to protect their investments. Backup and emergency plans should also be revised to ensure successful execution when things go wrong; they should never be an afterthought.
Darren Briscoe is technical director at Comms-care