There’s been a lot of broohaha regarding the latest incarnation of offsite data storage – cloud computing. How does it differ from traditional offsite data storage methods? How does placing your data on the cloud affect your business liability?
Cloud computing is creating vulnerabilities that many companies have yet to address, say some of the experts I’ve read. Gartner suggests that companies need to do a thorough risk assessment around their cloud computing practices.
So why aren’t we? Perhaps it’s because we’re under the impression that an internal computer and information security process will suffice. However, if you’ve not addressed the various levels of much-needed security practices at the cloud level, you could be overlooking several key areas, including compliance.
Some of the areas most overlooked include:
Data transfer. Is your data traveling over a secure connection? How do you know that exactly?
Who’s minding the data? Who you let in to your cloud environment is as important as what it is you’re storing. All those controls you had before the cloud? Consider them obsolete. You’ve just now handed control of your company’s data over to a third party who may not be vetting its employees properly.
Data availability. Can you access your data when you need to? What happens if your cloud provider suffers a business interruption? How will you get to your data?
Who’s looking without your knowing? Your data isn’t as protected as you might think. The Patriot Act allows for authorities to subpoena a third-party provider for access to your data, and they’re not required to tell you.
Lackluster security. Do you really know how secure that data is? What are the encryption and security policies of your provider? What happens to those security policies when that provider sells out or is acquired? What data is stored on shared technology, and what does that mean in the event of a break-in?
Does your company use cloud storage or cloud computing? How have you designed your security plan? What vulnerabilities did you have to address?