Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Do You Know Where Your Data Is?
Thursday, December 1, 2016 6:45 AM

Michael Salyer, IT Analyst, Credit Union Resources

Do you know where you data is? Is it secure? Is it properly segregated? Is it always accessible? Is it recoverable? Due to convenience and affordability, more and more credit unions are migrating to cloud computing. Whether it’s for data storage or using such products as Office 365, it's important to perform due diligence on your vendor before you trust them with your member data. You should be able to answer all the questions noted above.

Protecting your data within the cloud can be accomplished by the following:

  • Access control lists: Access to your data must be tightly controlled.
  • Storage encryption: Ensure you data storage vendor is using strong, industry standard encryption. These standards are:
    • AES (128 bits and higher)
    • TDES (minimum double-length keys)
    • RSA (1024 bits and higher)
    • ECC (160 bits and higher)
    • ElGamal (1024 bits and higher).
  • Transport level encryption: Data must also be encrypted while in transit. This can also apply to any time a browser is used (online banking, etc.). If you don’t see a lock in the address bar next to the web address, the site is not secure.

Data theft and data tampering are often the hottest topics of the security discussion when it comes to cloud computing. However, accessibility of your data should not be overlooked. Credit unions need to question what the cloud provider has in place to protect against threats like Distributed Denial of Service (DDoS) attacks that can prevent access to stored data.

Another consideration is how backup and recovery is handled by provider to deal with disaster recovery. If the day to day functionality of your credit union depends on this data, this is going to be vital as well.

Data stored in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but shouldn’t be viewed as a cure-all. The credit union needs to be aware of what is done to segregate data at rest. Your cloud vendor should provide evidence that data segregation schemes were designed and tested by experienced specialists. Encryption accidents can make data totally unusable, and even normal encryption can complicate availability.

Cloud computing will continue to increase in popularity, accessibility, functionality, and affordability, making it ideal for credit union use. When proper precautions are taken prior to migration, as well as ongoing due diligence of your vendor, the cloud can be a great opportunity for credit unions of all sizes.