By Eduard Goodman
More companies are using the cloud for storage, software and even infrastructure services. This growing trend has changed the way businesses handle data—and, unfortunately, it also has opened them up to more security risks.
It’s imperative that businesses develop basic security protocols to safely and securely deploy cloud-computing solutions, particularly for functions—and even entire industries—with a high risk of data breach.
Industries with high risks include payroll processing, human resources management, healthcare services and anything related to financial data, from consumer banking to payment card transactions to retirement fund distributions.
What you can do
The cloud has enabled many companies to reduce their onsite footprint and make information and systems available to workers regardless of their location. To protect their business, employees and customers, organizations can follow these steps to secure data:
1. Identify where risks exist. A business must first identify the primary function it’s trying to move to the cloud or where it already may be leveraging cloud-based resources.
• Storage-as-a-service and data-backup platforms. These typically pose many security and privacy risks. Good news: Most cloud data storage providers offer encryption and other highly effective safeguards. Businesses should make sure they leverage such technologies to good advantage. For example, cloud customers may need to opt in to use encryption tools, which are rarely applied by default.
• Software-as-a-service. Businesses are moving away from housing software and systems on-site to using powerful platforms in the cloud, such as Salesforce, WebEx and Microsoft Azure. These platforms raise concerns about who is responsible for security measures and breach response: the vendor or the customer. Few cloud software providers allow for negotiation of the contract terms and service-level agreements. That leaves businesses to sift through detailed contract language to determine where obligations exist on both sides of the partnership, and where security vulnerabilities may occur during the hand-off of data and compute power between users and the cloud provider.
2. Dedicate time and resources to conduct due diligence. Make sure safeguards are used around sensitive data. This is even more important where hyper-specialized solutions may be in use, such as those that exist within the healthcare sector and other industries with very specific demands, needs and compliance mandates.
3. Get specific in your service contract. A business considering a move to the cloud will want to determine how its provider will respond to requests from law enforcement, regulators and third parties. It also should know how vendors handle notification if a breach has occurred.
4. Ask where your provider’s servers are located. Some regions, like Europe, may treat data access differently than others, potentially creating a regulatory or liability issue for a multinational.
With a clear understanding of how cloud resources are to be leveraged within your own enterprise and what role the provider will play in bolstering security protections, a business will be well equipped to address potential weaknesses across its cloud footprint. It also will be better able to mitigate both its risk of running afoul of differing data protection obligations and its risk of a data breach.
Eduard Goodman is chief privacy officer for IDT911.