Clouds Ahead

Nov 15 2011   1:02PM GMT

Addressing Data Control Concerns in the Cloud

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

Cloud computing raises some serious questions about data. Who controls the data, how can you be sure it is secure, and what happens if your cloud service provider has an outage?

You could write a book trying to address each of these questions. But since we have limited space here and you have enough demands on your time, I will do my best to address the major points. In this blog, we’ll tackle control and leave the other two questions for future entries.

Unless you have a private cloud environment, you effectively relinquish, or at the very least share, control of your data. This is a nerve-wracking reality in cloud computing scenarios.

You could lose a lifetime’s worth of sleep worrying about the potential for errors, malicious activity and system malfunctions – especially if your company handles sensitive information protected by regulations such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley (or Public Company Accounting Reform and Investor Protection Act) and Gramm–Leach–Bliley (or Financial Services Modernization Act).

Unless you have a private cloud environment, you effectively relinquish, or at the very least share, control of your data.

Run afoul of any of these regulations, and you’re inviting trouble. To prevent that, any company using cloud solutions must take great pains to ensure that whoever controls the data knows what they’re doing. Make sure your service provider uses security methods such as authentication and identity management, access control, encryption and secure deletion.

Before signing up for any cloud-based services handling private data, be sure to research the provider’s background and track record. Ask for customer referrals and contact the customers to hear about their experiences with the provider.

Of course, no amount of research will ensure a 100 percent trouble-free cloud computing experience, so trust plays a role. And since trust is earned, entering into a contract with a provider requires a leap of faith.

But contracts exist for a reason, and in this case they provide protections to your and your provider. The worst thing you could do, of course, is to enter into some kind of arrangement where no contract is signed.

A contract with a cloud service provider must stipulate that your data should be available only to authorized users within your organization, and that the provider will do everything it reasonably can to prevent leaks or breaches.

Furthermore, the contract must require that data you delete because it is no longer needed, or isn’t required to be archived per government regulations, is indeed deleted – not only from the original files but also in any database or backup system where it is replicated. This is an important point; we all now how hard it really is to delete data.

Control over data is one of the biggest concerns business decisions makers have about the cloud. The best you can do is pick a reliable cloud services provider to the best of your abilities and protect yourself through a well-written contract.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Briansy27
    Data Control must be given priority since its very beneficial, and its nice to know that Cloud has given some time for this one. It help lots of user specially me. Who's using [A href="http://marketbold.com/KeywordSniperPro/"]Keyword Tool[/A] for SEO and data recovery is important
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: