Thursday, March 12, 2009

Data Security for SaaS, PaaS, and Social Media

One of the most common objections to cloud computing is that it poses too great a risk to data security. Internal data that is stored safely in an internal data center may be subject to interception in transit to or from a remote application. It might also be vulnerable when stored in the cloud itself.

Cloud vendors such as Amazon, Google, and Salesforce are going out of their way to demonstrate tight security controls to major clients. Nonetheless, a lot of CIOs, CSOs, and others have their doubts.

It's worth pointing out that, whether they realize it or not, most enterprises are leaking—nay, hemorrhaging—data to the public Internet. As I wrote nearly a year ago, summarizing some fine reporting in InformationWeek, P2P applications alone are responsible for massive data leaks even at large, public companies.

When InformationWeek reporters investigated P2P networks to find out just how much confidential data was being leaked accidentally, they were shocked at what they found. Users were inadvertently publishing "spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes . . . files with the home and cell phone numbers of senators, confidential meeting notes, and fund-raising plans [for a state political party] . . . spreadsheets listing patients' names along with their HIV and hepatitis status . . . [and] a slew of court documents regarding a sticky divorce."

Fortunately, there's technology available to detect and thwart such leaks. Data leak protection (DLP) products, often available as network appliances, can scan data leaving the network and raise an alarm when confidential data is leaking out. A lot of companies have jumped into this market; a few years ago, no fewer than 46 different start-ups were tackling this problem. A few companies have emerged as leaders. You can learn more about DLP at this informational site: www.dlpindepth.org.

Certainly it makes sense for any medium or large enterprise to have a DLP solution in place. Once it's in place, it should provide effective monitoring and control over data posted to the cloud.

DLP doesn't address the problem of security vulnerabilities in cloud storage, but it does address vulnerabilities in cloud communications. It also enables enterprises to ensure they know what data is being posted to the cloud in the first place, regardless of whether the destination is Salesforce.com, AWS, Facebook, or some other app.
