The guide to cloud storage security for public sector
Philip Williams
on 16 July 2024

Cloud storage solutions can provide public sector organisations with a high degree of flexibility when it comes to their storage needs, whether based in a public cloud or in their own private clouds. In our previous blog post we looked at the economic differences between these two approaches.
In this blog we will explore some of the security best practices when using cloud storage, so that you can ensure that sensitive data remains securely stored and compliance objectives are met. The points we cover will be relevant to both on-premise storage and storage solutions in a public cloud.
Risks associated with storing data
In the public sector, it is very common to handle sensitive datasets, such as Personally Identifiable Information (PII) about citizens, medical information, or digital evidence for crime investigation purposes.
It is important to ensure that these datasets are only ever accessible to users with the correct permissions and that, whenever they are transferred, this is done across a network that cannot be eavesdropped upon. Similarly, whenever stored “at rest”, the data should also be encrypted in case hardware is lost or stolen. Furthermore, being able to create point-in-time snapshots of datasets can ensure that even accidental changes do not cause destruction of important data.
Cloud storage best practices
Access control mechanisms exist in most IT systems, and storage is no different. On-premise cloud storage solutions like Ceph, and public cloud storage systems like S3, can integrate with organisation-wide authorisation systems like LDAP. This allows an organisation to centrally control access to storage resources and easily add or remove permissions when needed.
When using storage resources over external network connections, it is imperative to ensure that those communications are secure and that there is no possibility of a third party being able to intercept any information that has been transmitted. That goes for internal communications too: it is possible that a malicious actor could gain access to an internal network that previously may have been considered secure, so ensuring internal communication is always encrypted is paramount. Cloud storage systems are able to enforce the use of encrypted communications and reject insecure connections.
Sometimes it is necessary to prove that a dataset has not changed since it was stored. For example, digital evidence used in a criminal trial will need to be accompanied by guarantees that there has been no tampering. Cloud storage systems use solutions like snapshots of either a block volume or filesystem. Another solution they offer is versioning of objects to ensure that the original data can always be recalled. This kind of solution can also be useful as a defence mechanism against ransomware attacks, allowing an organisation to roll back to a known good state.
Once data has reached a storage system, there is another aspect to consider: what happens if the hardware used in that system is lost, recycled or stolen? Imagine a disk fails and needs to be sent back for warranty purposes – what if the data stored on it could be read? Could that lead to a breach of data security? Most modern storage systems allow for data to be encrypted before it is written to disk, so that data cannot be read by unauthorised parties.
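The four practices above (access control, encrypted transport, versioning, encryption at rest) can be checked against a bucket's settings. The following is an added example, not part of the original post: an offline audit of two constructed, simplified S3-style configurations, one weak and one hardened. The bucket name, account ID, role name and the `audit` helper are assumptions made for illustration.

```python
import json

# Constructed S3-style bucket settings (illustrative, not from a real deployment).
WEAK = {
    "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                              "Action": "s3:GetObject",
                              "Resource": "arn:aws:s3:::evidence/*"}]},
    "versioning": {},       # versioning never enabled
    "encryption": None,     # no default encryption rule
}
HARDENED = {
    "policy": {"Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/case-officers"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::evidence/*"},
        # Reject any request that did not arrive over TLS.
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::evidence", "arn:aws:s3:::evidence/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    "versioning": {"Status": "Enabled"},
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                              {"SSEAlgorithm": "aws:kms"}}]},
}
ANYONE = ("*", {"AWS": "*"})

def audit(cfg):
    """Return the sorted list of findings for one bucket's settings."""
    findings = set()
    stmts = (cfg.get("policy") or {}).get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]
    denies_plain_http = False
    for s in stmts:
        flag = s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport", "")
        if (s.get("Effect") == "Deny" and s.get("Principal") in ANYONE
                and str(flag).lower() == "false"):
            denies_plain_http = True
        if (s.get("Effect") == "Allow" and s.get("Principal") in ANYONE
                and not s.get("Condition")):
            findings.add("access: anonymous Allow statement")
    if not denies_plain_http:
        findings.add("transit: no Deny for aws:SecureTransport=false")
    if (cfg.get("versioning") or {}).get("Status") != "Enabled":
        findings.add("integrity: object versioning not enabled")
    rules = (cfg.get("encryption") or {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in rules):
        findings.add("at-rest: no default server-side encryption")
    return sorted(findings)

if __name__ == "__main__":
    print(json.dumps({"weak": audit(WEAK), "hardened": audit(HARDENED)}, indent=2))
```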
Learn more
Both on-premise storage solutions (like Ceph) and public clouds have features that reduce the chances of unauthorised access or changes to the sensitive data stored in them.
But which option is right for your organisation? Our recent whitepaper shows that there are significant savings by using an on-premise or cloud-adjacent approach that still provides the same high availability and performance that can be found in a public cloud.
Additional resources
What is Ceph?
Ceph is a software-defined storage (SDS) solution designed to address the object, block, and file storage needs of both small and large data centers.
It's an optimized and easy-to-integrate solution for companies adopting open source as the new norm for high-growth block storage, object stores and data lakes.
 