As we all know, the cloud does all of the following:
- Permits the upload of files and folders by users from anywhere, anytime and from any kind of device.
- Permits real-time access to files and folders from anywhere, anytime and on any kind of device.
- Permits collaboration on and sharing of files and folders with anyone on the network or outside the network.
- Permits restoration of files to the same, similar or new hardware anywhere, anytime.
There are a number of administrative and security issues that are instantly visible:
- Files have to be organized hierarchically and tagged for easy view, search and retrieval.
- The IT Administrator must have the facility to provide role-based access to the files and folders using some kind of user management system.
- Notifications and alerts must be generated whenever a file or folder is shared or assigned on a collaborative project.
- Notifications and alerts must also be received by the administrator whenever an attempt is made to access a file without requisite permissions being available.
- Audit trails and audit logs must be maintained for verification and action whenever required.
Cloud service providers are aware that the cloud must enforce people-process automation in order to maintain the security of enterprise data throughout its life cycle. They do so in the following ways:
- Most cloud-based services integrate elaborate user management systems into their software. The authentication and authorization servers are maintained separately from the database servers. Access to the data is provided only when the user enters the correct user ID and password assigned within the enterprise storage account management system by the IT Administrator. If the user is authenticated, the system allows operations on the data in accordance with the rights and permissions assigned to that user. Otherwise, the data remains inaccessible. However, the system cannot distinguish the authorized, authenticated user from anyone else if users share their passwords indiscriminately.
- Cloud service providers create an additional layer of security by implementing elaborate cryptographic algorithms to encrypt the data that customers transmit to and store on their servers. Hackers attempting to view the data by alternate routes will be confronted with versions of the data protected by 256-bit encryption. Without the key (which is generated and managed by the IT Administrator), the hacker can neither view the data nor hijack it.
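The access flow from the first point above, together with the alert and audit-log requirements listed earlier, can be sketched as follows. This is an added example, not code from any cloud provider; the class `StorageAccount`, the role table and the outcome strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed role table (assumption): role -> operations allowed on stored files.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "upload", "share"},
    "admin": {"read", "upload", "share", "restore"},
}

def hash_password(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class StorageAccount:
    """Hypothetical account manager: authenticate, authorize, audit, alert."""
    def __init__(self):
        self.users = {}         # user id -> (salt, password hash, role)
        self.audit_log = []     # every access attempt, allowed or denied
        self.admin_alerts = []  # denied attempts surfaced to the administrator

    def add_user(self, user_id, password, role):
        salt = os.urandom(16)
        self.users[user_id] = (salt, hash_password(password, salt), role)

    def _authenticate(self, user_id, password):
        record = self.users.get(user_id)
        if record is None:
            return None
        salt, stored, role = record
        supplied = hash_password(password, salt)
        return role if hmac.compare_digest(stored, supplied) else None

    def request(self, user_id, password, operation, path):
        role = self._authenticate(user_id, password)
        if role is None:
            outcome = "denied:authentication"
        elif operation not in ROLE_PERMISSIONS[role]:
            outcome = "denied:authorization"
        else:
            outcome = "allowed"
        entry = {"time": time.time(), "user": user_id, "op": operation,
                 "path": path, "outcome": outcome}
        self.audit_log.append(entry)          # audit trail records everything
        if outcome != "allowed":
            self.admin_alerts.append(entry)   # administrator sees refusals
        return outcome == "allowed"
```

A shared password passes `_authenticate` like any other, so the audit entry names the account and not the person who actually used it.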
If you are migrating to the cloud, check whether the above people-process automation systems are being placed at your disposal!