Posted by: Pedro Pereira
Cloud computing raises some serious questions about data. Who controls the data, how can you be sure it is secure, and what happens if your cloud service provider has an outage?
You could write a book trying to address each of these questions. But since we have limited space here and you have enough demands on your time, I will do my best to address the major points. In this blog, we’ll tackle control and leave the other two questions for future entries.
Unless you have a private cloud environment, you effectively relinquish, or at the very least share, control of your data. This is a nerve-wracking reality in cloud computing scenarios.
You could lose a lifetime’s worth of sleep worrying about the potential for errors, malicious activity and system malfunctions – especially if your company handles sensitive information protected by regulations such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley (or Public Company Accounting Reform and Investor Protection Act) and Gramm–Leach–Bliley (or Financial Services Modernization Act).
Run afoul of any of these regulations, and you’re inviting trouble. To prevent that, any company using cloud solutions must take great pains to ensure that whoever controls the data knows what they’re doing. Make sure your service provider uses security methods such as authentication and identity management, access control, encryption and secure deletion.
Before signing up for any cloud-based services handling private data, be sure to research the provider’s background and track record. Ask for customer referrals and contact the customers to hear about their experiences with the provider.
Of course, no amount of research will ensure a 100 percent trouble-free cloud computing experience, so trust plays a role. And since trust is earned, entering into a contract with a provider requires a leap of faith.
But contracts exist for a reason, and in this case they provide protections to you and your provider. The worst thing you could do, of course, is to enter into some kind of arrangement where no contract is signed.
A contract with a cloud service provider must stipulate that your data should be available only to authorized users within your organization, and that the provider will do everything it reasonably can to prevent leaks or breaches.
Furthermore, the contract must require that data you delete because it is no longer needed, or isn’t required to be archived per government regulations, is indeed deleted – not only from the original files but also in any database or backup system where it is replicated. This is an important point; we all know how hard it really is to delete data.
Control over data is one of the biggest concerns business decision makers have about the cloud. The best you can do is pick a reliable cloud services provider to the best of your abilities and protect yourself through a well-written contract.