While some people still associate the cloud with a lack of security, perceptions are changing. Proponents of the cloud industry say it is very safe, and highlight that like any other purchasing decision, corporations must do their due diligence and ensure that they choose an established supplier.
One place to start is to look at their reference customers. Are companies within regulated industries using them? Test the service and do not have your first encounter with cloud using highly sensitive applications or databases, but get a feel for how the environment works with a less important set of information.
Large companies with IT teams and security experts should make sure that those teams are involved in the due diligence process, and if they don’t have professionals in-house, engage with an independent consultant.
Before choosing a provider, consider the following questions, which can help your business and your data in the long run:
One of the difficulties people have with cloud storage is that they do not understand how the cloud works. For example, whether data is easier or more difficult to protect in a cloud infrastructure as opposed to traditional on premise infrastructure.
Businesses must understand that in many cases the difficulty level is the same. Cloud providers will often undertake the same checks and balances and use the same protection. Those cloud service providers who operate systems for various clients may be more secure than on-premises platforms. Though those using a public cloud, where several organizations are using the same applications and/or infrastructure, can provide data security issues because of access control. What’s more other considerations, such as anti-virus software, firewalls and encryption are equally important whether on-premises or in the cloud.
Regulators have also displayed their commitment to safeguarding data, including what is in the cloud, through a raft of recent legislative activity. New EU legislation, GDPR for example, is aimed at simplifying and updating data legislation unifying different regulation regimes under one umbrella. It will mean that cloud providers, as well as data owners, will be liable for data breaches that occur. At the moment, it is the data owner, rather than the hosting company that is liable. There is also a specific level of fines for data breaches, which is up to five per cent of a company’s annual turnover. The effect on cloud providers and hosting companies will be significant and they will have to get their house in order to avoid potential punitive fines.
The cloud is fast becoming the easiest and most cost effective storage solution for businesses, but if cloud providers want to truly succeed they must not only convince businesses that the cloud is secure, but will need to be even more stringent with data to convince regulators that they can safeguard data effectively.