Early History of Storage Devices
The evolution of data security started long before the first computer was invented. The original data storage system was simple – it included a file cabinet, secured with a lock and key. The system was as secure as it could be based on the given parameters, and less than efficient. The number of documents stored was limited by the size of the storage facility. The filing system was also riddled with human errors, resulting in many misfiled and lost documents. In addition, fire and natural disasters often wiped out stored documents forever. The old storage system was also expensive. The maintenance expenses of physical warehouses, the human labor costs to process documents, and the costs of supplies all contributed to the high price tag of storing paper documents.
With the invention of the first computer, in the 1950s the document storage system partially graduated from file cabinets to punch cards. Since computers at the time had no storage drives, using punch cards was a way to read data files or programs on multiple machines. The level of security of punch cards was exactly the same as that of a simple file cabinet.
In the 1950s and 1960s IBM came out with magnetic tapes, followed by the first disk drive that could store about 5 MB of data. It was hardly a portable machine, as it was the size of a refrigerator. A few years later, IBM created the first removable hard drive that consisted of 6 disks with storage capacity about 2.6 MB of data.
Removable floppy disks were the next big step in the history of data storage devices. Holding 1.44 MB of data, they were in use between the 1970s and 1990s. Floppy disks offered two types of protection to the stored data – a sliding tab, preventing data from being overwritten, and a simple password, limited to 8 characters.
Floppy disks also had another great advantage, as they enabled data to be easily transferred from one machine to another. While the portability of data was a huge step forward in terms of convenience, it also created a new problem – malware. The first computer virus spread by floppy disks is believed to have been created in 1982. Called Elk Cloner, it affected Apple Dos 3.3 and was originally created as a prank. Attached to a game, the virus spread quickly, as there were no anti-malware solutions available at the time, and most users were unaware of the problem.
The Elk Cloner virus was the first, but it quickly followed by other floppy disk malware programs. As the problem escalated, anti-malware solutions were written to combat the quickly growing problem. The first anti-malware programs were created in the late 1980s by G Data Software and McAfee.
During the 2000’s, the evolution of storage devices jumped forward yet again, with the introduction of the flash drive and the portable hard drive. Not only the storage size of devices became bigger (now measured in GB’s and TB’s), but also the protection of data improved significantly. In addition to simple passwords (that could be easily bypassed to access data), the new storage devices could be fully encrypted. The data could only be retrieved when the right credentials were entered, and became unreadable if accessed without them.
The popularity of the Internet which began to develop during the 1980s, opened up new possibilities not only for sharing, but for storing data. The actual practice of cloud computing, however, did not start actively developing until the early 2000’s. The upload and download speeds before prior to this were so slow it was not practical to move massive amounts of data into the cloud.
Cloud Storage Solutions
With faster Internet access, the cloud opened up new opportunities to all organizations. It introduced a new concept for storing, sharing, and using not only data, but also applications.
Cloud computing today is separated into 3 segments: SaaS (Software as a Service, or subscription services hosted in the cloud), PaaS (Platform as a Service, or a development environment for application developers), and IaaS (Infrastructure as a Service, or virtualized services).
Software as a Service (SaaS) is the largest segment of the cloud computing market. It brings in more than 50% of the total cloud computing market’s revenue (Statista, 2016).
Cloud services have made organizations more efficient and enabled them to provide a greater variety of services to their users.
The biggest advantages of cloud computing include reduced costs, ease-of-use, and scalability:
- Cost benefits – by storing data in the cloud, organizations don’t have to invest into on-premises solutions. There is no big initial investment to acquire technology, no routine upkeep fees, and no need to have IT people on staff to monitor and maintain the infrastructure. The only expense is a monthly service fee. It is usually very predictable, enabling organizations to easily calculate their costs months in advance.
- Ease-of-Use benefits – in the hosted model, the service provider takes care of everything, from routine maintenance jobs to possible emergencies.
- Scalability benefits – for organizations which experience fast growth, or have fluctuating storage needs, cloud computing offers a great way to rapidly expand their businesses with minimum downtime.
The demand for SaaS services is growing rapidly, and it is expected more than 80% of SMBs will be using cloud services by the end of 2016 (Forbes, January 2016).
Today, customers can choose from 4 cloud types, depending on their needs, as well as budget:
- Public Cloud – offered services are delivered over a network accessible to all subscribers. Thanks to the shared resources, it is the most economical model for most businesses.
- Private Cloud – offered services are delivered to one group of users on a private network. It can be managed by the IT department of the group, or by a third party, depending on the contract.
- Community Cloud – offered services are shared by two or more organizations with similar cloud requirements.
- Hybrid Cloud – offered services are a blend of the public, private, or community cloud infrastructures.
Security in the Cloud
Of course, while offering great advantages over on-premises solutions, cloud computing is not perfect. Security of data is the biggest concern of many organizations choosing to move their data from behind corporate firewalls and into the cloud.
Hacking into the cloud is an attractive proposition for many criminals. Although the majority of stories we hear often concern celebrities (such as the Apple iCloud hack of 2014), there are many more tales of corporate breaches which are often kept out of the public eye.
At the same time, when talking about cloud security, it’s important to differentiate between two types of hacks – the actual cloud hacks, and the individual user account hacks, which are typically the result of a phishing attack, rather than an orchestrated hack on the entire cloud.
There are a few things to consider when choosing a public cloud service provider, or a software-based cloud offering, to help minimize chances of a breach:
- Reputation of the company –the number of previous breaches experienced, how the breach occurred, and what steps were taken to rectify the problem. Additionally, if their client was harmed what remedies did they put in place and how quickly did they react. These factors could be good indicators and what you may expect as a patron.
- Standard security features – they should include anti-virus software, firewall protection and strong user authentication mechanisms. In addition, it’s a good idea to ask the provider to explain who can access your data inside their organization, and under what circumstances. In addition to protecting your data from natural disasters, the provider should also be able to safeguard the centers from physical break-ins. Determine what safeguards are in place to protect you from natural disasters as well as server downtime.
- Encryption of data in the cloud and while in transit – to ensure even if your data gets into the wrong hands, without the proper key it will become simply unreadable.
Hosted Email and Apps Security
Email is one of the most popular services hosted in the public cloud. When picking a hosted email provider with a security solution in conjunction. It’s not always an easy task, not all providers are forthcoming about the way their company, as well as their hosting partners, handle their customers’ data.
The items you would want to be looking for are as follows: Locate a system which provides Security while storing the information in the cloud. The system should minimally meet the following global security standards, including ISO27001, SOC, the PCI Data Security Standard, and Fed RAMP. The system should also be protected by SSH public key authentication using a multi-factor authentication token.
The system should use multiple layers of security to ensure that each client’s data stays securely encrypted using a minimum of 128-bit AES from end to end. Additionally, the information should remain encrypted at all times while at rest.
Over the past 70 years the way entities store and access enterprise data has changed radically. However, concerns about data security remain the same. Transparency of the provider’s methods, and their up-to-date security protocols should always be the first things to consider when looking for the best partner to safeguard our data.
Todd Sexton is President and CEO, Identillect Technologies
Latest posts by Todd Sexton (see all)
- Pokemon GO and Your Privacy - September 2, 2016
- Technology is Moving, Are You? - August 1, 2016
- Cyber Liability Insurance – A “Nice to Have” or a “Must Have”? - July 26, 2016