Data storage outsourcing increases the attack surface area.
- When data is distributed, it gets stored at more and more locations, increasing the risk of unauthorized access to that data. For instance, in cloud-based architecture, data is duplicated and moved repeatedly, hence increasing the risk of unauthorized data recovery dramatically: like in the case of old equipment disposal, reallocation of storage space and reuse of drives. The manner in which data is replicated depends on the level of service a customer selects and on the service provided. While encryption is in place, it can ensure that the files remain confidential. Crypto-shredding also can be used while disposing data on a disk.
- The number of people with data access who could be compromised increases dramatically. A single company may have a small team of network engineers, technicians and administrators, but a cloud storage company has many customers and thousands of servers. Hence, a much bigger team of technical staff with electronic and physical access to almost all the data in the entire facility or perhaps the whole company is needed. When compared to the service provider, decryption keys that are kept by the service user restrict access to data by service provider employees. When it comes to sharing multiple data in the cloud with several users, numerous keys have to be distributed to users through secure decryption channels. The users should also have to securely store and manage it on their devices. Keeping such keys safe requires costly secure storage, which can be overcome using the key-aggregate cryptosystem.
- Cloud storage increases the number of networks over which data travels. In addition to a storage area network (SAN) or a local area network (LAN), data stored on a cloud needs a WAN (wide area network) to connect the two of them.
- By sharing networks and storage with numerous other users/customers, other customers will be able to access your data. Sometimes, due to faulty equipment, erroneous actions, a bug or sometimes due to criminal intent, this risk applies to all kinds of storage and not just cloud storage. Transmission of encrypted data protects it from being read by a third party since it is being transmitted from and to the cloud service.
Companies do not offer permanent services. Their services and products can change over the course of time. Outsourcing storage of data to another company requires careful investigation because nothing is ever certain. Unchangeable contracts can prove to be worthless when a company ceases to exist or when its circumstances change.
- Companies can go bankrupt.
- They can expand and change their focus.
- Larger companies might buy them.
- They can be bought by a company with headquarters in or move to a country that does not have compliance issues with export restrictions and hence requires a move.
- Companies can also suffer irrecoverable disasters.