News, hot topics

Data Security in Cloud


What makes you sure the information you store on the cloud is safe? Choosing the right service provider and being overall careful.

The American Gartner predicted in 2012 that offline PC work will be mostly cloud-based by 2014. It was right. Today, USBs disappears and cloud has become a meeting point and the center of changing information. The place where everyone stores every data.

Such development makes life easier. The absolute benefit of cloud technology that is can be reached from anywhere, and you don’t have to be afraid of losing your precious storage device. However, there are still some questions about cloud data security. Even Steve Wozniak saw cloud computing and cloud-based data storage as a trouble two years ago. And the notorious iCloud events of the last weeks just seem to prove his views. Since then, hazard factors of cloud have become a widely discussed topic. So how could we handle the problem, what are the protective measures?

Data Security in Cloud | VCC BlogPublic or private?

First of all, the question is what kind of cloud we use. Cloud services have three basic types, such as public, private and hybrid. Public clouds are owned and operated by third-party service providers. Users can enjoy the benefits of low costs and an easy access. However, their data are in more danger than in the case of private clouds which are built for special companies. No matter, such clouds are whether on-premise or externally-hosted private clouds, they are exclusively built cloud environments with full data security. Their only flaw is the price which is more expensive than public clouds. As for the hybrid type, it unites both previous clouds. Lots of different forms can be built depending on which element is taken from one or the other type.

Any kinds of cloud you choose, following a secure password policy is crucial. According to the Canadian Technology, Media & Telecommunications Predictions 2013 report 90 percent of passwords can be cracked within seconds. The whole situation is similar to the case when you close your front door and leave its key in the lock. Then burglars come and you get robbed but you blame the locking provider. So easily cracked, short passwords and password reminders hand on a plate your data to anyone as the cloud is all around us. Password strength increases exponentially above around seven-nine characters.

The best passwords can’t be linked to the user in any case, they are most likely randomly chosen words complemented with numbers and special character. Password policy of Virtual Call Center for example orders a minimum ten character password with numbers, small and capital letters, as well as special characters. Such policy seems quite secure today.

Fear of cloud

As cloud computing is still misty in everymen’s eyes, one of their usual fears regarding cloud data security is that different users’ data are stored together with minimal separation.

The truth is that even public cloud tends to pay attention more and more to security and it’s out of the question in the case of private clouds. As for Virtual Call Center, clients’ data are stored separately on database level, so user companies aren’t able to access any other users’ data. User powers established according to ISO 270001 international standard assures that clients’ data can be reached by only the closest circle. Logs help monitoring who made what and when.

People also fear of possible cloud problems regarding its firewall and intrusion detection applications (IDS, IPS). However, it’s absolutely worth to choose cloud-based solutions over offline systems. Because any parts of a service can be accessed from public networks, it needs a more resistant protection on a deeper level. So today, safety of a cloud service provider is much more paranoid than it is at classic systems.

In the case of Virtual Call Center, it allows clients the most minimal access to the system’s given components. They can only reach a component if it’s more than necessary to be used, and such components are protected. Moreover, strict regulations and high protection level is even more important as the company is a telecommunication provider, as well. So it has to assure no one can log in to start premium rate calls on expense of clients.

To have always updates softwares, is also crucial. Tester teams constantly monitor if there are any damages and thy updates instantly after testing to solve the problem. A Virtual Call Center internal monitoring app helps their work that makes them able to analyze problems or even forecast them. For example, in the case of memory leaking, if any application uses more memory than it should, the leaking will be discovered much before it could affect clients due to the constant monitoring.

Lots of people are also afraid of data management and possible data analysis made by cloud service providers. However, data transmission and data protection is under a strict European Union law. The EU Data Protection Directive prohibits data transmission of natural persons to outside EEA. Unfortunately, EU data protection law isn’t perfect, new directives will come. To complicate things, transborder data flow is very common and not only in the EU but worldwide. It means data storage servers are in one country, and the people who use them are in different countries all over the world. It leads to an unclear situation which laws of which country regulate their data. The safest solution is signing a strict data protection declaration with the cloud service provider. Virtual Call Center uses that script when it binds itself to handle clients’ data confident, according to the current data protection declaration.

To sum up, fears also, usually, real regarding cloud data protection but they can be managed with protective measures and careful service provider selection. And if it’s done, data are more secured than it was with offline devices. Doesn’t matter how safe they once believed to be.