Welcome!

SDN Journal Authors: TJ Randall, Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

The Security of Popular Cloud Storage Sites

Should you think twice about using apps such as DropBox? Here is where some of the concerns begin

For enterprises moving more business and customer data to the cloud, investigating and selecting an online storage solution can be a challenging task. A primary concern is the level of data security offered by the sites being considered. While the theme holds true across all of the major providers (Box, DropBox, SkyDrive), for the purpose of illustration I'll focus on DropBox since it is arguably the most popular site boasting over 100 million users.

Here is where some of the concerns begin; DropBox experienced a major security breach in July 2012, specifically involving user passwords. In response to the attack, DropBox attempted to improve password security by implementing two-factor authentication.

But just last month though, a pair of researchers released a paper claiming they had reverse-engineered the DropBox application, providing details for how hackers could potentially access private user data. Their goal in releasing this paper was actually innocuous, but provides a disturbing example of what hackers can still do to bypass password security methods to access valuable data stored in DropBox.

As I mentioned, there are other DropBox alternatives to consider, but the decisions around cloud storage implementation needs to go beyond a conversation of just Box vs DropBox or SkyDrive vs. DropBox. Decision makers should be concerned about the ever-evolving threat of cyber-attacks and potential for unauthorized access by third parties (including governmental agencies) and what that means for the future of cloud storage.

The most important questions for Enterprises to consider in regards to cloud storage is this: How can we maintain complete control of our data while taking full advantage of the benefits online cloud storage provides?

The solutions lies in strongly encrypting or tokenizing all data fields while the data is still on premise, before sending it to the cloud. These techniques keep data securely in the hands of the enterprise. With encryption, the enterprise owns the keys; with tokenization they own the token vault. These processes render all sensitive customer data stored and processed in the cloud useless to hackers of the cloud service. This gives an enterprise confidence in sending data online while allowing the organization to take full advantage of the efficiencies and benefits offered by cloud storage sites.


PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interactively to engage with the audience.
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.
In his session at 23rd International CloudEXPO, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Big Data teams at Autodesk. He is a contributing author of book on Azure and Big Data published by SAMS.
ShieldX's CEO and Founder, Ratinder Ahuja, believes that traditional security solutions are not designed to be effective in the cloud. The role of Data Loss Prevention must evolve in order to combat the challenges of changing infrastructure associated with modernized cloud environments. Ratinder will call out the notion that security processes and controls must be equally dynamic and able to adapt for the cloud. Utilizing four key factors of automation, enterprises can remediate issues and improve their security posture by maximizing their investments in legacy DLP solutions. The factors include new infrastructures opening up, public cloud, fast services and appliance models to fit in the new world of cloud security.