In a recent blog post about storing information on a public cloud service, NextCloud summarized their view on the subject. Spoiler alert: they don’t like it. The idea that you really have little control over who has access to your data and where your data is actually stored are real issues when using services such as DropBox or Google Drive.
Using the simple example of a shared link gone rogue, the post says that if someone gets access to a company email containing a link — either through forwarding or something less innocuous — anyone could have access to company information behind the link. Even if employees are diligent about respecting data policies, one minor misclick could become a catastrophic breach.
The location of your data is another detail that is often overlooked. So you choose a public cloud service to host and store your data, but where are their servers located? Respecting user privacy and meeting compliancy requirements aside, many companies have their servers located in different countries to save on cost (or other reasons). Because different countries have differing privacy laws and restrictions, foreign governments could have access to your information and many companies won’t actually disclose where (in the world) their servers are located. Data sovereignty is a relevant topic which we will discuss in a future blog post. Then there is the reliance on a single infrastructure provider. If your public cloud service provider goes down, your data goes down with it and there is no guarantee on how long it will take to get back up and running. This affects your business and your security because a public cloud service is shared across multiple subscribers, so depending on the level of corporate data you are sharing your public cloud server with, your collective data becomes much more attractive to hackers. This was the case in 2012 when hackers stole login information for over 68 million Dropbox users. And, if there is an attack you may not even get notified because, as we know, some companies tend to get shy when admitting to such. In 2017, Equifax waited six weeks to notify the public about a several-month-long breach that exposed personal and financial information of over 148 million people.
StormFree has developed its platform to ensure your data is manageable, customizable and controllable...by you. Our stack is highly integratable with multiple cloud infrastructure providers and all users have control of their data, so they can access, audit, or delete it as required. Our stack consists of a uniform management, control, and data plane with end-user authentication for any integrated services, including products such as NextCloud providing file management, and federates applicable services across providers with auditing at every layer. We have built the platform using turnkey IaC tools that actively orchestrate and deliver cloud data centres with the same ease as traditional big iron data centres.
Our platform leverages multiple providers, so businesses will no longer be locked into using, and being reliant upon, a single infrastructure provider. Deploy your data from the best location and leverage multiple providers so you aren’t dependent on one failure point.
Our software safely transfers user information using end-to-end encryption with minimal meta data to secure databases and systems for transmission, processing, and storage of data. So services such as emailing and messaging are secured on both ends regardless of accidental forwards or intercepts. This encryption is used for data in transit and at rest and the encryption keys are always in the hands of the user.
A public cloud service is a good choice for any business because of its lower cost and fairly straight forward subscription process, but you have to take it a few steps further in order add more security, flexibility, and control. Sure there are some add-ons and customizing available within a main stream public cloud service, but it’s still very one-size-fits-all. There’s a few sizes, but not tailored to fit you.
If you have questions about software as a service (SaaS) or questions about our stack, drop us a line.