In the blog, Cloud Applications for Businesses, we mentioned that many employees are now working away from their offices on laptops, smartphones, and tablets. They need to make decisions in real-time to improve response times, business processes, and productivity. To make this situation a reality, companies had to move data to the cloud and allow employees to access this information on a web browser or mobile application. Data migration to the cloud allowed companies to save money by buying only the storage capacity they need, leaving the ongoing maintenance to a third party and reducing the need for physical storage facilities.
What are the security risks of using a cloud service?
However, companies must be aware of the following situations that will increase the risk of a cloud data breach:
- A larger third-party cloud provider will not protect your data as diligently: When companies move their data to a larger cloud service provider, they are at their mercy. A larger third-party provider may not be as tough with protecting your data as your IT employees.
- Many companies use the same cloud system: When your company shares the same computing resources with other companies, there is a chance your data can leak out to your neighbors.
- Larger third-party cloud providers are targets for hackers: These cloud computing providers are prime targets for cybercriminals. It is easier for them to disrupt and steal data in groups, rather than one by one, especially if the provider is using a single sign-on experience.
- Your users may not be able to contact customer support: Some larger third-party providers will give you all the attention you need when they are trying to get your business. However, once they get your business and you need customer support, the less trustworthy providers will either leave you on hold for a considerable amount of time or pass your phone call off from department to department. These delays can be costly if an in-house-based application goes down, which can lead to extended employee downtime and lost profits.
- Your company may no longer be the sole owner of the data: If ownership terms of your cloud services were not set during the contract signing, the data may also belong to the provider. Once the provider has the data, they can either use it to solicit your customers or sell the data to a broker.
How can you prevent breaches of data in the cloud?
- Consider a private cloud: Your company can set up your private cloud within the corporate firewall by using your dedicated storage device. This private cloud can be under the administration of either your IT department or a managed services provider. If disaster does strike, it will be much easier to contact support and resolve the issue with minimal downtime.
- Ask the cloud provider about their management software: Your company should ask about the software they use to manage the cloud, the version it is on, the frequency of software updates, and the people allowed to log into your account.
- Assign levels of access to certain types of data: Your company should assign a higher level of access to employees handling confidential information and database administrators. These privileged users should receive training on handling their data securely.
- Limit data access based on employees’ current computing situation: Your company should assign levels to diverse types of user locations (office, home, public place) and the device they are using (office desktop, personal smartphone). For example, an employee using a smartphone in an airport should use more sign-in steps than when he/she is at the office on a desktop.
- Ask your cloud provider about their disaster recovery plan: Disasters, such as floods, tornadoes, and earthquakes, can wipe out your business data in a flash. Your cloud provider should have a backup and recovery procedure in place so your company can get back to work quickly and not lose valuable data.
- Ask for regular security-event alerts: You and the cloud provider should decide which service interruption events (outage, maintenance) require a phone call or email to your company, and then send out those alerts.
- Make sure your provider understands your compliance regulations: Some companies, such as health or legal, are bound by industry regulations. In case of an audit, they must prove they are protecting company data. Your cloud provider should be familiar with those regulations and set up strict management and encryption procedures.
- Your cloud services contact should confirm your ownership of data: Many cloud vendors include language clarifying ownership of data. Your company should also limit the ways your cloud provider can use the data, so they will not mine it for their purposes.
Bendekgey, L. Cloud computing reduces HIPAA compliance risk in managing genomic data. (2013, September 4). Retrieved from: http://www.healthcareitnews.com/blog/cloud-computing-reduces-hipaa-compliance-risk-managing-genomic-data
Grimes, R. The 5 cloud risks you have to stop ignoring. (2013, March 19). Retrieved from: http://www.infoworld.com/d/security/the-5-cloud-risks-you-have-stop-ignoring-214696
Angeles, S. 8 Reasons to Fear Cloud Computing. (2013, October 1). Retrieved from: http://www.businessnewsdaily.com/5215-dangers-cloud-computing.html
Pant, P. How to assess risk when considering cloud computing. (2013, October 21). Retrieved from: http://www.networkworld.com/news/tech/2013/102113-assessing-cloud-risk-275056.html
Marx, G. Can cloud computing be secure? Six ways to reduce risk and protect data. Retrieved from: http://www.theguardian.com/media-network/media-network-blog/2013/sep/05/cloud-computing-security-protect-data
Goodwin, B. Is your data at risk in the cloud? (2012, May 14). Retrieved from: http://www.computerweekly.com/news/2240150186/Is-your-data-at-risk-in-the-cloud
Trappler, T. When your data’s in the cloud, is it still your data? (2012, January 17). Retrieved from: http://www.computerworld.com/s/article/9223479/When_your_data_s_in_the_cloud_is_it_still_your_data_