As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.
Data is the lifeblood of modern businesses and, consequently, the protection of data is critical. Protection from loss isn’t the only protection data needs these days. The theft and leakage of data can cause massive damage to a company and its customers, and has unfortunately become all too common. With so many reports of data leaked from cloud object stores, 11:11 wanted to help our customers manage these risks when we launched the 11:11 Cloud Object Storage product.
Is Cloud Storage Failing Data Security?
Cloud-based object storage has the ability to scale larger than block or file-based systems for unstructured data, which makes it ideal for many different use cases. Corporate file sync and share services, document management systems, IoT device data repositories, big data analytics and video file storage are all common use cases for public cloud hosted object storage. Data protection vendors like Veeam are also introducing the ability to tier backups into object storage to help reduce the reliance on tape and the costs of long-term retention and to provide limitless capacity with minimal effort.
When reviewing the numerous leaks of this type of data from cloud object stores, it becomes obvious that most aren’t due to poor security on the cloud vendor’s part. Most are actually due to misconfiguration on the part of the customers, commonly because the “buckets” were configured as public instead of private. This is equivalent to building a house and not installing locks on any of the doors or windows.
When utilizing any public cloud technologies, businesses are agreeing to a shared responsibility model for their data. While it varies from provider to provider and technology to technology, the common result is that the cloud provider is responsible for the uptime and security of the infrastructure and the customer has some level of responsibility for configuring the proper security to protect their data.
While all of these reports should cause concern to anyone storing data in the cloud, it shouldn’t prevent the use of cloud storage when it can be properly secured. In fact, even data stored internally needs to be protected appropriately, so no matter where the data resides, proper precautions are key.
Proper Security for Object Storage in the Cloud
Similar to securing data within a private data center, protecting data in the cloud requires several layers of protection. With object storage, ensuring everything is set to private is the first and most important step. Businesses should always follow the same strict policies for users, passwords, groups and permissions in the cloud as in their own data centers.
One of the great advantages of using a cloud-based object store is sharing files with external entities. When these third parties would normally not have access to the rest of the object store, many object stores provide the ability to generate a time-limited URL to access a given file. This prevents administrators having to modify permissions every time a single file needs to shared and reduces the chances that additional data will be exposed. When IT can provide a solution that is both functional and easy to use for end users, the use of shadow IT will be greatly reduced and lead to overall better control of company data.
Encryption of data is another important element to protecting critical data. Many businesses today need to ensure data is encrypted at rest in order to protect it at a physical layer and ensure regulation compliance. Ensuring the data is encrypted while being transported to and from the cloud provider is key as well. Many cloud providers offer these capabilities as either a default configuration or as configurable features. But, encrypting at rest and in flight doesn’t provide data security if the objects are accessed through an unlocked front door. To protect this data from accidental exposure via a misconfiguration or stolen credentials, files should be encrypted prior to uploading them to the object store.
Of course, as with any security configuration, it should be reviewed regularly to ensure any configuration drift hasn’t inadvertently exposed sensitive data. Depending on the cloud provider and the level of shared responsibility, this may be entirely self-service for the customer or could require interaction with the provider’s support staff.
Making Data Security Easy with 11:11
With a security-first approach to cloud infrastructure, 11:11 has gone further than most cloud providers to help customers keep their data out of the wrong hands. All “buckets” are created private by default. All objects are stored on encrypted storage and are only available via HTTPS. Customers manage their object storage through the 11:11 Cloud Console, which has been designed to be as simple as possible, so configuration of the environment is less prone to error due to confusion. The console also provides access to robust reporting that helps customers understand their security vulnerabilities and compliance to common regulations.
With a global reach in multiple regions, 11:11 is also well positioned to ensure data remains in the right physical location to comply with data sovereignty regulations. The console makes this easy as well, by allowing customers to manage their infrastructure across multiple 11:11 data centers within the same interface using global credentials.
On top of all this, 11:11 customers have easy access to our internal compliance, cloud services and cloud support teams. Anytime they have questions or concerns, they can call these teams to ensure their environment is configured correctly and to help with reporting for audits. They receive highly attentive assistance to ensure successful on-boarding from both project managers and certified engineers. Our highly experienced support engineers are only an email or phone call away, and are available to customers for everything from a critical outage to advice on setting up their environment.
Keeping data secure is critical for every business, regardless if the data is in the same building on infrastructure completely managed by the business or in a public cloud. Internal and external forces are equally likely to affect data in both cases. Despite all of the bad press, it is very possible to make data in a cloud-based object store every bit as secure as data on-premises, especially when utilizing a public cloud provider that makes security a top priority.