If every cloud computing system had a silver lining, you’d probably never have to worry about security.
But life is not quite so dreamy in the cloud.
As much as cloud computing is the way of the future for businesses looking at reliable and affordable IT solutions, security concerns are still an unfortunate reality.
A recent report by Security Cloud Alliance found that cloud security projects were the leading IT project in 2014, while concern about the security of data was reported to be the top challenge holding back cloud-based projects. As cloud providers continue to invest heavily in security, the level of risk is expected to drop, yet there still appears to be a long road ahead.
Consider that as of 2014, some of the biggest names in cloud computing that use sensitive data (including payment card information and banking data) did not encrypt the stored data.
There are also legitimate privacy and data protection considerations, some of which are related to geography (many cloud servers are not based in the country where you do business, which can make for a confusing regulatory environment).
Another perceived threat relates to infrastructure being shared amongst several organizations, with varying degrees of access. In effect, your business may be sharing a platform with other users, while your business data is stored, processed, and accessed remotely. There is also a risk of an outage or hardware failure at a remote data centre, which can impact the usability of cloud services.
When a cloud provider suffers a failure, it will be your business (and your customers) who have to deal with the fallout until it is fixed.
Perhaps one of the most challenging aspects of cloud security relates to identity and authenticating users who have access to data: a 2014 survey of cloud adoption and risk found a “staggering” availability of stolen credentials available online. Even if you think you are protecting your business data, your level of protection may only be as good as your last updated login credentials.
All of these risks can lead to cybercriminals hacking and stealing customer information. While this is not restricted to cloud computing, the scope and layers of responsibility associated with cloud computing can make accountability a challenge.
To be sure, cloud computing is a clever innovation that allows your small business to do things that previously only big businesses could do online, yet this is one area of business that calls for a bit of homework.
Privileged access: get as much information as possible as to who has access to your data.
Location, location, location: ask your provider if they will store your data in a specific jurisdiction, and see if you can get a contract stipulating that the provider will adhere to privacy regulations in your business’ jurisdiction.
The recovery position: be aware of what happens to your data in the event of a disaster. Ensure that your cloud provider replicates your vital data.
Separate but equal: encryption is not a catch-all security solution but your cloud provider can assure you that your data is segregated and encrypted by experts.
In the long run: be sure there is a fall-back plan for your data in case your cloud provider goes out of business or is acquired in a take-over. You’ll need to be able to retrieve your data and import it into a new cloud application.
Get it in writing: get a contract and read it closely, especially as it relates to investigating illegal activity. If you can’t get a firm commitment in writing that your provider will support specific investigative functions, this could spell problems in the future.
For more tips on cloud computing, call your My StartUp Business Counsellor at 1-888-234-2232.