top of page
  • Writer's pictureViddle

Data Cloud Storage - Considerations

Updated: Aug 6, 2022

Saving data in today’s society has moved from the good old days of hard drives, memory sticks and floppy discs. More and more businesses, agencies and individuals are opting to use cloud data storage instead of relying on physical devices such as a hard drive and manually move data over. However, is storing your data in the cloud the right answer? How safe is data cloud storage? And more importantly, where is it held? The answers are not always straightforward and coming from a non-tech background, the information can be overwhelming. In this article, we will look at the things you should consider when you decide how to store your data in the cloud.


Investigation Management Software, cloud storage

The biggest benefit of using cloud storage is convenience. With just a click of button, its up in the cloud, out of your hands and you don’t have to deal with it until you need again in the future whereby, you’re just another click of the button away from accessing it. It’s simple, easy and there is no more locking your hard drive away or keeping it somewhere safe.


The other benefit is the cost effectiveness. On eBay, the average cost of a ‘SanDisk’ USB 16GB memory stick is about $5.00 (USD). In Google cloud drive, you get 15GB data for free every month. I personally have over a dozen USB memory sticks in my office drawer and whenever I need to use one, I’m nowhere near my drawer and end up buying another memory stick.


Physical storage of hard drives can be costly, especially for businesses or agencies that require medium to large scale servers. In these types of scenarios, you need to consider things as a secure storage facility to house the hard drives, back up functionality for data, sufficient ventilation to avoid overheating and appropriate backup power if there is a blackout.


Is storing data in the cloud secure?

If you look at the concept of cloud storage, you are essentially sending your personal information to a company. The company (whom you don’t personally know) now has access to your personal data and you are relying on them to keep it safe. The legislation and measures that they need to follow to keep your data safe will vary greatly and depend on the locality of the company. Therefore, it is important to know where your cloud data is located and if their security measures meet you and your customer’s requirements.


The continual improvements in cloud data security means that the security measures around your data also improve, however this does not necessarily mean its 100% secure. Just as you lock your hard drive away in a cabinet or secure storage, criminals will always find a way to break in despite the controls you have in place. From experience, criminals work on 3 main variables before committing the crime - capability, capacity and opportunity. The same concept works for cyber criminals, for example The Great iCloud Hack in 2014 (1) that revealed how hackers were able to access personal pictures of Hollywood celebrities by using an API to breach the Apple iCloud data. The consequences resulted in breach of personal and private images of famous celebrities that were circulated all around the social media, it was huge embarrassment (and wake up call) to Apple as it considered to be one of the more secure platforms to use.


Despite all this, cloud data storage is likely to be more secure than keeping it in your home computer. Physically, the cloud data servers are housed in secured locations, they are well equipped and can handle power outages and heating issues. Furthermore, cloud servers generally have encryption security measures making it difficult for hackers. Hackers have a better chance in gaining access to your home computer by malware infection than a encrypted server of a Cloud data company.


Amazon Web Services (AWS) have a list of security management features making it almost impossible for hackers to infiltrate their systems. Features such as server-end and client-end encryption blocks any intrusion of hackers accessing the data and transferring the data from one place to another. The list goes on with Identity & Access management and the Amazon Macie feature which truly gives the user confidence that their information is safe and secure. Viddle recognises the superior capability and proven history of securing data by AWS and choose this platform for the data storage needs.


Does your cloud storage comply with the appropriate standards?

Cloud services providers such as Google drive, Flamenetworks, Upcloud or AWS adhere to the Cloud Infrastructure Services Providers in Europe (CISPE) regulations which is a big deal because its policies on data protection are in line with the General Data Protection Regulation (GDPR). These are a set of standards adopted as law by the European Union and United Kingdom to protect personal data and privacy for their residents.


Apart from complying with the CISPE and GDPR, these service providers have certifications including ISO 27017 (Cloud security) and ISO 27018 (Cloud privacy). These certifications ensure that the company uses the best practise possible to protect and secure your data from harm. As mentioned previously, nothing is ever 100% bullet proof but cloud data companies that attain a high level of data protection and privacy shows their commitment and integrity to your data.


Where is your data held?

An Investigation Plan is an important part of all investigations. It is a fluid planning document that sets out the objectives, evidence required, timeline, direction and structure of the investigation. The AGIS provides the standard required to create an investigation plan. It outlines the basis of the Investigation Plan and provides accountability to the investigator.


It is often overlooked and easily assumed but your data is held in the country you live in but that is not always the case. While organisations commit to their obligations to protect and secure your data, storing it in a foreign country is likely to include jurisdictional challenges of that location. What it comes down to is what are the privacy laws in where your cloud data is held. Some countries have policies that provide a high level of privacy protection to their citizens while other countries may seem ok but in fact gives their governments green light to look at their data.


In the United States, there is no single encompassing law for cloud data protection across the states, however it has implemented sector specific laws that work together such as Health Insurance Portability and Accountability Act 1996 (HIPAA) that provides compliance and protection of sensitive health data of US citizens.


Switzerland is ranked one of the best places for data privacy. Under Article 13 of the Swiss constitution, guarantees the citizens right to privacy and there are strict federal laws in place to protect your data (2). In addition, Data controllers and processors are required to keep a record of their data processing and activities. Disclosure of data to third parties without permission is a breach of data protection and lead to a criminal offence.


In Australia, there two main laws that provide protection in Cloud data services, The Privacy Act (1988) and Australian Consumer Law (ACL). The Privacy Act outlines the obligations businesses must adhere to in order to handle personal information on consumers. Personal information is any information (or opinion) that identifies the consumer to the public. The framework of the Privacy Act (1988) is through the Australian Privacy Principles (APP) which govern standards, rights and obligations around collection, use and disclosure of personal information (3). In short, The APP provides 13 standards to ensure the data protection of consumer information.


The ACL on the other hand, is focused towards protecting Australian consumers from unfair, false or misleading agreements from Cloud service providers. For instance, if a Cloud service provider fails to secure or live up to its promise of private storage of data, it is therefore in breach of the ACL guidelines whereby the Australian Competition and Consumer Commission can intervene (4).


Final Verdict

More and more businesses, agencies and people are switching to cloud storage as it is becoming more secure and stringent in protecting consumer privacy and security. However, like most well intentioned secure cloud systems out there, not one is 100% full proof. Therefore, it is important to do your research whenever you sign up to a cloud service provider and check its certification and credentials. Moreover, it pays to also confirm where the data is held and what governing laws does that foreign country have around cloud data privacy and security.


16 views

Recent Posts

See All

Comments


bottom of page