Security Ultimately Depends on Trust

The growth of cloud computing is making people think harder about security—that’s not a bad thing.  Organizations need to know that their cloud provider can be trusted to store their data securely and comply with any regulations their business may be subject to.

Technical protection measures depend on two pillars—Access and Identity Management (AIM) to ensure that only authorized users are allowed onto the network, and encryption to make the data unusable if it is intercepted at any point.  These rely on long passwords and security keys because the computing power needed to crack them increases exponentially with the number of characters—this leads to an endless race to stay ahead of computing power.  For example, recently it was announced that security services used powerful computers to crack the AES 128-bit encryption that was generally regarded as the gold standard for securing data.  Now, security has moved on to 256-bit and 923-bit encryption.  Amazingly, even the 923-bit encryption was cracked in 2012 by Japanese researchers, but it required cutting-edge supercomputers and took them 148 days.

Encryption depends on treating your data as a series of numbers and performing predictable mathematical operations on it using other numbers, known as keys.  Someone has to issue and store the keys and the process is vulnerable to impostors intercepting that process (man-in-the-middle-attacks).  Often the computing power required means that the encryption process takes place in the cloud, so your data has to be stored in the clear while it happens.  The Edward Snowden news reminds us that the technicians have access to everything, so it’s important to choose a cloud provider you can trust.

At Scisbo, our partners understand our customers' security, regulatory, and compliance obligations.  Their operations are audited annually by multiple independent firms to comply with SOC, PCI, HIPAA, FISMA, and other regulatory bodies.  Their data centers are covered by dual-standard SSAE 16 and ISAE 3402, SOC 1 Type II, SOC 2 Type II, and SOC 3 reports.  Each facility complies with the PCI Data Security Standard for physical security, information security policies, and managed firewall service; they also comply with HIPAA and NIST 800-53 for environmental and physical security controls.  Additionally, they register annually for adherence to the US-EU Safe Harbor Privacy framework.  All of this means that you can rely on our partners' security.  To learn more, contact us—we’ll help you secure a cloud provider you can trust.