A 17-year executive in computer system sales and security, Vic Mankotia currently serves as the vice president for security for Asia, Pacific, and Japan for CA Technologies, Inc., in Melbourne. Recently Vic Mankotia talked with StorageAsean’s news service about issues regarding the safety of proprietary information stored on the cloud.

Cloud computing refers to the practice of managing data on remote servers rather than a local site. In the field of cloud computing, data security is a vital concern. In the United States, one organization alone reported almost 600 breaches. As cloud computing changes the way data is handled, sharing information across borders necessitates new protection and new regulation.

Data in the cloud could be fairly safe, but much depends on which provider you use. Companies such as Amazon and Google spend millions of dollars on security, backed up by large support facilities. However, some firms expend less effort for privacy and security. Prospective customers should seek companies that adhere to industry certifications, such as SSAE 16, ISO 27001, and FISMA.

Customers should also know cloud vendors’ protections against hacking. Some vendors maintain security operations centers that investigate anomalies. Others take a more proactive approach and hire experts whose main function is to test security by trying to hack into the company’s systems, thereby revealing vulnerabilities in the systems security framework that can thereafter be addressed.

In 2014, expect more providers to use encryption techniques and strong authentication procedures. Passwords are no longer sufficient in themselves to protect unauthorized access to corporate data.
As vice president of CA Technologies, Vic Mankotia possesses extensive knowledge of the steps involved in computer security. Under his leadership, CA Technologies helps set up computer security measures for companies in Japan and the Asia Pacific region. Vic Mankotia has close to two decades of experience in the software industry. He recently discussed the necessary measures to keeping information safe within a cloud service.

According to Mr. Mankotia, there are three components to keeping personal information safe within a cloud. They are identity, access, and advanced authentication. Choosing cloud services that comply with SSAE 16, ISO 27001, and the Federal Information Security Management Act is a good start, but it is not enough.

To ensure a person’s safety in the cloud, it is important that the cloud recognizes the user is indeed an authorized user or customer before granting access. This is accomplished through advanced authentication procedures. Every user must use a specific user ID and password; should the wrong ID or password be used, additional steps are taken to verify the user's identity. Sites may require access to come from the same IP address each time.