Security in the Cloud

Cloud Security

Enodare's writing team is composed...

  • comments
  • fb
  • tw
  • in
  • gplus
  • gplus
January 9, 2016

Despite a continuously expanding trend for deploying all manner of applications, functions and features in the cloud that has been building for almost a decade and shows no sign of slowing, people still express concern about data security. Put simply, there is no more risk to having your information in the cloud than having on a hard disk or server on your own premises. However, the risks are different and there are some understandable concerns about security that stem from the nature of cloud computing. All this means is that before committing sensitive data – such as information about customers, employees or your finances – to the cloud, you should carry out a little due diligence and ask the right questions.

First of all, ask your cloud provider about the security aspects of their data storage. They should be happy to answer questions about:

  • their data security plan (especially concerning data privacy)
  • their data governance practises
  • their uptime performance (as close to 100% as possible)
  • their disaster recovery plan
  • their successful data recovery from backup
  • their compliance history regarding relevant federal legislation (and the legislation of other countries if your operation is international)

Look for a current ISO27001 or SSAE 16 certification, both of which indicate meeting international standards that include data security. (Note: the SSAE 16 superseded the old SAS 70 Type II audits.)

It’s more the lack of this type of questioning which is causing the concern over cloud security than any holes in the cloud model itself. Professional services firm Ernst & Young carry out an annual information security survey and in a recent report, they found that users are so keen for convenient (and cheap) cloud solutions that security considerations are being ignored; the questions are not being asked.

Many industry experts actually see cloud storage as a more secure option than the average corporate or enterprise data center and that the risks come not from the storage but from the transmission of the data via the internet – in the same way that your mail box may be secure but occasionally a letter may go missing in transit. The issue is the journey taken by the data between your screen and the storage center. After all, your cloud software provider might have the application installed on another provider’s platform as a service (PaaS) which in turn could be renting infrastructure as a service (IaaS) from a third provider. Finally, the IaaS provider might be one of many sharing the same data center.

Whether you choose to venture into the cloud or not, data security should be on your agenda and there are preventive measures you can take that will protect your information, including.

  • Monitor and report regularly on data security issues (for example, have it as a standing item at your regular board or management meetings to keep everybody in the loop).
  • Incorporate security awareness into training for new employees and reinforce it for everyone else (a lack of understanding of the risks leads to avoidable errors).
  • Reassure customers and employees that you take seriously the security and privacy of their data by having clear privacy policies on your website and in your employee policies.
  • Encrypt your data appropriately and manage your SSL certificates to ensure website security.
  • Carry out penetration testing on your systems and mobile apps to check for vulnerabilities.

Putting data into the cloud is fast becoming standard business practice and should cause few worries so long as you do a little checking first to reassure yourself. Let’s face it, if cloud data security was really a problem the whole setup would have been discredited long since. The fact that its growth appears unstoppable should tell you what you need to know.

VIEW COMMENTS (0)

SOCIAL NETWORKS

Join Our Newsletter

Sign up to receive top business and legal stories

Estate Planning Software designed by expert attorneys to

meet your need.

Learn about WillWriter add