What Are the Risks Involved With Cloud Storage?

risks involved with cloud storage

While cloud storage offers numerous benefits, it’s important to be aware of potential risks associated with this technology. Here are some common risks involved with cloud storage:

  1. Data Breaches: Cloud storage providers are responsible for securing your data, but no system is entirely immune to data breaches. A breach could potentially expose your sensitive information to unauthorized individuals or cybercriminals.
  2. Data Loss: Although cloud storage providers typically have robust backup systems, there is still a small chance of data loss. This could occur due to hardware failure, natural disasters, software bugs, or human error. It’s important to have additional backup measures in place to mitigate this risk.
  3. Limited Control: When you store your data in the cloud, you rely on the provider’s cloud infrastructure and security measures. This means you have limited control over the physical storage environment, data handling processes, and security protocols implemented by the provider. It’s crucial to choose a reputable and trustworthy provider to minimize this risk.
  4. Service Disruptions: Cloud storage services can experience downtime due to various reasons, such as maintenance, power outages, or network failures. During these disruptions, you may be unable to access your data temporarily, which can impact your productivity or business operations.
  5. Compliance and Legal Issues: Depending on your industry or geographical location, storing certain types of data in the cloud may raise compliance and legal concerns. You need to ensure that your cloud storage provider complies with applicable regulations and provides adequate data protection measures to avoid potential penalties or legal consequences.
  6. Vendor Lock-In: If you heavily rely on a specific cloud storage provider and its proprietary technologies, switching to a different provider may be challenging. This vendor lock-in can limit your flexibility, scalability, and bargaining power. It’s advisable to choose cloud storage solutions that allow for easy data migration and interoperability.
  7. Dependency on Internet Connectivity: Cloud storage relies on an internet connection for data access and synchronization. If you have limited or unreliable internet connectivity, it can hinder your ability to access your data in real-time or perform backups effectively.

Other Human Risks Involved with Cloud Storage

A recent survey by WinMagic, a UK-based storage security firm, highlights some interesting, if not disturbing, information about employee use of cloud file and storage services. Speaking with over 1,000 employees at companies with at least 50 employees, the survey found that both users and businesses appear to be unclear about the need to protect cloud data, and how to do it.

Key findings of the survey:

  • Only 35% use a service sanctioned by their employer
  • 50% use personal equipment to access work information and services at least once a week
  • 65% of employees don’t have or don’t know the company policy on cloud storage
  • 5% use cloud services knowing that the service has been restricted by the company

The disparity between IT policies regarding the use of cloud storage and employees habits is troubling, particularly given the risk of data corruption, loss, and breaches.

The solution is not to avoid the cloud due to the perceived risks involved with cloud storage. Nor should you create a draconian culture around technology and cloud usage.

To mitigate Cloud Storage Risks, Consider Implementing the Following Measures:

  • Create and share a clear, concise policy on the use of cloud services, and IT in general, for your company
    • Clearly require that work related to data to be stored only in sanctioned systems and services, and the work and personal applications and data be completely separate.
  • Provide a suite of services that meet users’ needs
    • Ask users which tools help their productivity and evaluate the secure, business versions. Remember that one size does not fit all and you may need or want multiple options.
  • Monitor and manage access, security, and privacy
    • Deploy systems that let you monitor and manage access to company data, the security of the data, and your data privacy compliance. In addition to user identity and access controls, monitor and manage file permissions based on content along with 3rd party application (especially mobile app) access to your data.
  • Inform and educate your team
    • You do not need a series of boring lectures and meetings to indoctrinate your team into the new world order. A clear, concise discussion regarding appropriate use policies gets the message across.
  • Be nimble and communicate
    • Cloud is still fairly new and services are constantly evolving and launching. Users’ needs are changing constantly as well. If you can respond to your users with tools and services that meet their needs, you eliminate their “need” to circumvent the official tools. Communication about why certain

By being aware of these risks involved with cloud storage and taking appropriate precautions, you can make informed decisions about utilizing cloud storage effectively while safeguarding your data.

A balance of useful and secure cloud services, clear policies that promote responsible use, and tools that monitor and mitigate risks will improve not just your security profile, but your efficiency as a business.

We offer a range of data protection & security services, contact us to learn more.



Cloud File Services: How to Define Their Role and Manage Data Better

cloud file services

What Are Cloud File Services?

Users can store, access, and exchange files and data via online platforms known as cloud file services, also referred to as cloud file storage or cloud-based file sharing services. Without the use of physical storage devices or on-premise servers, these services offer a practical and effective solution to manage files from numerous devices and places.

Cloud file services can fill many different roles for your business. Often, the use of cloud file services begins with employees using consumer products, like Dropbox, to share files with customers and each other. While sync-and-share can be an effective way to manage files, you should always rely on the business editions to ensure that the business is in possession of, and is managing, your data.

That said, this use of file sync-and-share tends to be transient in nature. At the other end of the spectrum, many businesses are replacing on-premise servers, NAS, and SANs with cloud file services, which become the primary file service.

To help you plan how to create the best cloud file service for your business, consider these working definitions and considerations with respect to data protection and management.

Define the Role of Your Cloud File Service

Transient File Service

  • Transient file services are used occasionally for storage and sharing of files.
  • Often a sync-and-share service (Dropbox,, etc) or a peer-to-peer service (Drive, etc.), files are copied to the file service and shared.
  • In most cases, files sync back, or are manually copied, to their primary location. As the primary location for files is protected by backups and permissions management, transient file service generally don’t need or have backup protection.
  • Permissions management is often the responsibility of the individual users. As such, transient file services should not be used for sensitive or protected (PHI, PCI, etc) information.

Secondary File Service

  • A Secondary File Service will fill the role that the Transient File Service provides, but will also be the home — the system of record — for some information.
  • Companies create Secondary File Services to handle information that is used collaboratively, but wants to keep internally-used data and critical business information in-house. An architecture firm, for example, might have active projects residing in a cloud file storage service while keeping past project data and internal operations (HR, finance, accounting, strategy) on in-house systems.
  • While sync-and-share can serve the needs of secondary file server, peer-to-peer and managed file services provide better control over your data.
  • As a Secondary File Service will be the system-of-record for important information (i.e., the data is not synced or copied to other storage), these file services should be protected by Backups.
  • Secondary File Services may or may not be used for sensitive or protected information. If they are, then active permissions monitoring and management is advised to prevent inappropriate disclosures, leaks, or breaches.​

Primary File Service

  • A Primary File Service becomes the system of record for most, if not all, of your company’s files and data. As such, the cloud file service will hold sensitive and protected data.  Access, permissions, and protection are as critical in the cloud as they are on-premise.
  • Backup/recovery and active permissions management become critical components for ensuring data reliability, security, and privacy, and may be required for regulatory or industry compliance.
  • While smaller businesses can use the peer-to-peer, larger businesses or those with larger numbers of files find that a managed and structured file service works better.
  • Centralized ownership and control over permissions improves security and efficiency.
  • Sync-and-share services may still be used to support off-line work, but should be managed closely to ensure sensitive and protected data remains secure.

 Hybrid File Service

  • A Hybrid File Service exists when the Primary File Service is split between on-premise servers and cloud-based file services.  A Hybrid File Service differs from the use of a Secondary File Service in that the Hybrid File Service sees both on-premise and in-cloud as equal components of the ecosystem. Data location is based on access needs and usage rather than on the type of data.
  • For some organizations, Hybrid File Services represent a transition period from on-site to cloud file services. For others, Hybrid File Services reflect a broader hybrid cloud strategy that mixes SaaS and IaaS services with on-premise systems.
  • As Hybrid File Services create a cloud-based extension of on-premise servers, a managed file service with central ownership and permissions control is most often the best structure.
  • With a Hybrid File Service, the cloud component requires backup/recovery and permissions protection on-par with your in-house servers.

By understanding and defining the role of your cloud file services, you have a better understanding of the type of managed cloud services to use — sync-and-share, peer-to-peer, or managed file services. You can also best determined the level of backup/recovery, access, permissions, and encryption you want and need to meet your business’ needs and any regulatory or industry requirements.

Where is Your Cloud Bandwidth Bottleneck?

When speaking with companies and schools about moving to cloud solutions like Google Apps and Google Cloud Storage, we are often asked about bandwidth demands.  Many organizations worry that their current Internet connections are not sufficient for cloud computing.  While most organizations already have more than enough Internet bandwidth, they may still have performance bottlenecks from their internal network.

Many small and mid-size enterprises make infrastructure decisions, electing to save money with consumer grade and so-called “SMB” products.  In many instances, these products are not designed to handle business traffic.

WiFi Access Points: Low-end WiFi Access Points, or WAPs, are not designed for a large number, or large traffic, connections.  While these devices claim they can support dozens of devices, the reality is that their antennae systems, channel management, and software are not up  to the task.  These devices can bog down with collisions, reducing the effective bandwidth to near zero with as few as 5 or 10 active users.

Switches and Hubs: The same load considerations exist for low-end switches and hubs, particularly those with slower back-planes and less memory.  Traffic bursts can overload these devices, creating “collisions” that slow down your network.

Routers: Many entry level and SMB routers do not have the processor or back-plane speed needed to meet the traffic demands for today’s network.  The router between your network and the Internet needs to be fast, with the ability to buffer traffic, and provide network services.  While changing to cloud solutions may not dramatically alter the amount of traffic, it changes the pattern.  An underpowered router can slow traffic like a broken toll booth gate.

For most small and mid-size businesses, network performance planning for cloud solutions should start at the ends and work towards the middle.  Look at your Direct Internet Access capacity and your WiFi and move inwards to the router, hubs, and switches.  A well planned network will improve performance, reliability, and productivity.



Tuesday Take Away: 8 Ways that Clouds Beat Blizzards

Once again, the team and I at Cumulus Global found ourselves working from our homes, pizza shops, libraries, and coffee shops.  An unusual and record-breaking October Nor’easter dumped about a foot of very heavy and wet snow on us, snapping power poles and trees like, well, twigs.  In our area of the state, most towns reported between 60% and 100% of residences and businesses without power.  Starting on Saturday evening, many will be without power until late Thursday or Friday.

Businesses tied to their physical offices, again, are learning the hard way how Cloud Computing can help keep things running when life throws the unexpected your way.

1) Message Continuity

If you run MS Exchange, Google Message Continuity not only provides you with bullet-proof spooling if your server or Internet link are down, you get Gmail’s web interface and the ability to send and receive emails.  And while most email contingency services dump all activity in your spool to your inbox (including sent message), GMC actually syncs your sent and saved messages, preserving your folders and your sanity.

2) Cloud Storage Mirror

Different than backing up for restores or recovery, synchronizing or mirroring local and network data to a cloud service gives you the ability to access and use your documents, usually through a web interface, from anywhere at anytime.  Matching the cloud service and the sync tool to your needs ensures your critical data is available even if your office is not.

3) Google Talk

With a laptop or smartphone, the Google Talk app, and an Internet connection anywhere, you can communicate with your team and your associates securely via instant messaging, voice conferencing, or video conferencing.  Don’t worry of phone lines or in-house PBXs are down, with Google Talk you can see who is available and converse at will.

4) Google Voice

Get your laptop to an Internet connection with a headset and microphone and you can send and receive calls without a fuss.

5) Hosted VoIP Phone Services

It may seem like the throw-back to the days of Centrex, but hosted VoIP (aka Hosted iPBX) services keep your phone lines working regardless of what is happening with your building.  And, you can access and use your lines, extensions, and voice mail from pretty much anyplace with either a VoIP phone, softphone software on your laptop, or your smartphone.

6) Cloud-Based Email

If you are thinking of using the cloud as a contingency service because cloud-based email is going to be available when your in-house system goes off-line, why not make the more reliable service the one you use every day?  Do you need or want to keep your in-house server when a cloud-based service will be more reliable and more available?  Ok, it’s a loaded question … but still worth some thought.

7) Cloud File Services

Just as with cloud-based email, Cloud File Services will prove more reliable and available over time, and especially during emergencies.  Granted, you may have applications, and work flow issues that make using cloud file services as your primary file service impractical.  But, you will never know if you don’t take a look. And, many of these requirements work with the right local sync technology in place.

8) Google Apps for Business / Government / Education

There, I finally said it.  Google Apps gives you the reliability and availability of the cloud-based Gmail, cloud storage you can mirror or sync, Google Talk, Google Voice integration, and a cloud file service.  Better yet, Google Apps rolls these services into an integrated, affordable package with access from most any computer and smartphone.  Some of the solutions may require third party components.  But, when disaster strikes (and disasters will strike), why not have an IT Ecosystem that is resilient to available rather than you you need to recover.

Protect Your Data in the Cloud

When IT pros plan backup and recovery solutions for in-house systems, they start with the big events, such as server failures and disk crashes.  In reality, most restores are not as a result of a catastrophic loss.  Most restores are for individual files that were accidentally overwritten, deleted, or otherwise corrupted.

How is this relevant when your files are in the cloud?

Most cloud file services provide sufficient redundancy and resilience to prevent data loss due to hardware or software failure.  These services, however, cannot protect your data from the users.  Files stored in the cloud remain susceptible to deletion and accidental overwrites.    In addition, new desktop utilities that let users work locally and sync files between desktop and cloud increase your risk of file corruption.

What to do?

You do have some protections available.

Version History:  If your cloud file service has version history features, take the time to understand how and when the service saves versions.  Some services only save documents uploaded via their web interface or client, and not when documents are updated via drive mapping or folder desktop sync applications.

Cloud File backup tools:  Consider adding a backup tool to your cloud ecosystem.  A cloud backup tool will periodically move content from your cloud file service to another location periodically or continuously.  The data is stored in a format that facilitates restores to your cloud file service, and many backup tools let you download the backup set.

If you have concerns about your cloud-based data, or have questions about backing up your data in the cloud, please contact us.


File Server or File Service?

Most organizations store and share files by setting up one or more file servers.  They used to be referred to as “File and Print Servers”, but as most printers include direct network connectivity, spooling, and job management features, the need to have print spooling and drivers running on a server has nearly disappeared.

File servers seem to be heading in the same direction.

Disk space no longer needs a physical connection to a server with a full operating system. Disk drive control, security, access rights, and I/O management can be delivered directly by storage area networks (SANs), network attached storage (NAS), and cloud storage solutions.

What happens when storage is further abstracted?

Gladinet ( has a series of tools that lets you attaché multiple, independent cloud storage systems and accounts and presents them as top level folders on a mapped drive. OffiSync gives you access to Google Docs and Google Sites storage from toolbars/ribbons in the MS Office applications (avoiding mapped drives and windows explorer altogether). While Gladinet extends the model of OS-based storage management, OffiSync moves storage management directly into the application.

In its infancy, cloud storage services are giving us the opportunity to rethink the positioning and role of storage within operational architectures – in the cloud and in our data centers. File servers feel nearly obsolete as storage becomes a commodity and access control migrates from the operating system to the applications themselves.