Blazing trials through new technology—specifically cloud backup and recovery–is foolhardy if you have little or no idea about what kind of security protocols need to be in place to make the experience pleasant. There are a number of IT risks that cannot be ignored or overlooked, especially in an era when anywhere, anytime computing is the order of the day. All kinds of perceived savings in cloud backup and recovery will have no meaning if you have to shell out thousands of dollars by way of compensation to your customers whose personal information has been compromised, hijacked, misused. This is apart from the immense loss of reputation and business that you will have to face
CIOs must realize that security begins at source. Your data must not be allowed to leave your premises if it is not encrypted with a user defined encryption key and a well tested and proven cryptographic algorithm. Cloud backup and recovery service providers use Bank grade or military grade cryptographic algorithms to encrypt your information. The most popular algorithms are Blowfish 64, 128, 320, 384 or 448, Triple DES 192 bits and AES 128 or 256. The encryption password or string is user defined and is to be retained by the user. The encryption is achieved by applying the user defined string several times. The repeated application is known as “rounds”.
Employees must be made aware that security is maintained at destination by the cloud backup and recovery service provider using software or hardware level security protocols. Though data is stored in an encrypted format in Cloud backup data repositories and decryption is not possible without authentication, users tend to be careless with their passwords. This leaves the data insecure. Data users must be educated to maintain the security of the cloud backup and recovery systems by being made aware of the security requirements for cloud backup and recovery. Sharing of passwords and other kinds of login information with unauthorized users can be dangerous. It is a fact that users fail to understand the import of security policies and the potential impact of their actions on the bottom line of the business—the data assets stored in cloud backup. It makes business sense to communicate with users on the security policy for cloud backups and repeatedly educate them on how security breaches can affect the organization and its employees.
It follows that breaching technology frontiers is not enough. Security is an imperative for deriving value from technology and pleasure from the experience.