Trend Micro expert warns that cloud data can move under its own volition

According to Dan Crowe, a product marketing manager with Trend Micro, there is a problem with cloud data and its propensity - usually driven by the cloud service provider's automatic replication systems - to be copied between at least three data centres.

And since the user thinks that he data is stored at one data centre, Crowe - who is also a veteran of Oracle and Symantec - says this can pose a security problem for corporates.

Crowe calls the problem "data motility", adding that he uses the term motility rather than mobility because data isn't just portable in the cloud - it can get up and move on its own.

"Your information placed in the cloud will be available when you want it; you just won't know where it's living from one moment to the next. Take for example the Amazon EC2 claim of 11-9s availability", he said in his security blog.

"This level of persistence all but ensures that your company's critical information is replicated across at least three different data centres, the locations of which are very likely unknown to your storage and application administrators", he added.

The Trend Micro security expert goes on to say that this can mean that the critical human resources data you thought was in a data centre on the West Coast of the US on a Wednesday evening "is smeared across the continental United States or Europe [by] Thursday morning."

Because of this, Crowe argues that simply protecting against 'who' can see or steal your data isn't enough, meaning that firms must now also protect against where the data resources are located.

The solution to data motility, he says, includes taking a data lifecycle approach to your cloud-stored information and conducting a data de-duplication program.

"Lastly, when in doubt - encrypt! Standard 256-bit encryption of your storage volumes should deter the curious administrator or seasoned hacker from prying, thieving or simply poking around where they don't belong", he says.

"Encryption will also reduce the risk that repurposed storage devices could contain important information when volumes are vacated or when the associated drives are reclaimed for replacement", he adds.

What’s hot on Infosecurity Magazine?