Is your data on the cloud at risk?

In the blog “Cloud Applications for Businesses,” we noted that many employees are now working away from their offices using laptops, smartphones, and tablets. They need to make real-time decisions to improve response times, business processes, and productivity. To make this situation a reality, companies had to migrate data to the cloud and enable employees to access it via a web browser or mobile app. Data migration to the cloud enabled companies to save money by purchasing only the storage capacity they need, shifting ongoing maintenance to a third party, and reducing the need for physical storage facilities.

What are the security risks of using a cloud service?

However, companies must be aware of the following situations that will increase the risk of a cloud data breach:

A larger third-party cloud provider will not protect your data as diligently: When companies move their data to a larger cloud service provider, they are at its mercy. A larger third-party provider may not be as diligent in protecting your data as your IT team.
Many companies use the same cloud system: When your company shares the same computing resources with other companies, there is a chance your data can leak out to your neighbors.
Larger third-party cloud providers are prime targets for cybercriminals. It is easier for them to disrupt and steal data in groups than individually, especially if the provider uses a single sign-on experience.
Your users may not be able to contact customer support. Some larger third-party providers may give you all the attention you need when they are trying to win your business. However, once they have your business and you need customer support, less trustworthy providers will either leave you on hold for a long time or transfer your call from department to department. These delays can be costly if an in-house application goes down, leading to extended employee downtime and lost profits.
Your company may no longer be the sole owner of the data: if ownership terms for your cloud services were not set at contract signing, the data may also belong to the provider. Once the provider has the data, they can either use it to solicit your customers or sell the data to a broker.

How can you prevent breaches of data in the cloud?

Consider a private cloud: Your company can set up a private cloud within the corporate firewall using a dedicated storage device. This private cloud can be managed by either your IT department or a managed services provider. If a disaster strikes, it will be much easier to contact support and resolve the issue with minimal downtime.
Ask the cloud provider about their management software: Your company should ask about the software they use to manage the cloud, the version it runs on, the update frequency, and the people authorized to log in to your account.
Assign access levels to specific data: Your company should grant higher access levels to employees handling confidential information and to database administrators. These privileged users should receive training on handling their data securely.
Limit data access based on employees’ current computing environment: Your company should assign levels to different user locations (office, home, public place) and devices (office desktop, personal smartphone). For example, an employee using a smartphone at an airport should complete more sign-in steps than when using a desktop at the office.
Ask your cloud provider about their disaster recovery plan: Disasters, such as floods, tornadoes, and earthquakes, can wipe out your business data in a flash. Your cloud provider should have a backup and recovery procedure in place so your company can get back to work quickly without losing valuable data.
Request regular security event alerts: You and the cloud provider should decide which service interruption events (outages, maintenance) require a phone call or email to your company, and then send those alerts.
Make sure your provider understands your compliance requirements: Some companies, such as health or legal firms, are subject to industry regulations. In the event of an audit, they must demonstrate that they are protecting company data. Your cloud provider should be familiar with those regulations and set up strict management and encryption procedures.
Your cloud services contact should confirm your ownership of the data. Many cloud vendors include language clarifying ownership. Your company should also limit how your cloud provider can use the data to prevent them from mining it for their own purposes.

SOURCES:
Bendekgey, L. Cloud computing reduces HIPAA compliance risk in managing genomic data. (2013, September 4). Retrieved from: http://www.healthcareitnews.com/blog/cloud-computing-reduces-hipaa-compliance-risk-managing-genomic-data
Grimes, R. The 5 cloud risks you have to stop ignoring. (2013, March 19). Retrieved from: http://www.infoworld.com/d/security/the-5-cloud-risks-you-have-stop-ignoring-214696
Angeles, S. 8 Reasons to Fear Cloud Computing. (2013, October 1). Retrieved from: http://www.businessnewsdaily.com/5215-dangers-cloud-computing.html
Pant, P. How to assess risk when considering cloud computing. (2013, October 21). Retrieved from: http://www.networkworld.com/news/tech/2013/102113-assessing-cloud-risk-275056.html
Marx, G. Can cloud computing be secure? Six ways to reduce risk and protect data. Retrieved from: http://www.theguardian.com/media-network/media-network-blog/2013/sep/05/cloud-computing-security-protect-data
Goodwin, B. Is your data at risk in the cloud? (2012, May 14). Retrieved from: http://www.computerweekly.com/news/2240150186/Is-your-data-at-risk-in-the-cloud
Trappler, T. When your data’s in the cloud, is it still your data? (2012, January 17). Retrieved from: http://www.computerworld.com/s/article/9223479/When_your_data_s_in_the_cloud_is_it_still_your_data_

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.