Use of a remote, shared computer network to store, manage and process data can save time and money by eliminating the need for a local data center and an IT team to run it. Whether on a smart phone, a laptop or a desktop computer, cloud computing gives users immediate access to data anywhere there is an Internet connection.
Gartner, one of the world’s foremost IT research companies, expects cloud computing to become a $250 billion industry by 2017. Other estimates vary but they are all high. Forrester Research forecasts that public cloud computing revenues will reach $191 billion by 2020. Cisco forecasts a steady migration of IT work from traditional data centers to the cloud.
Industry analysts say the edge that businesses gain from moving data to the cloud accounts for its rollicking growth. So what’s not to like? In a word, security.
Many organizations are uncertain how safe even the most reputable cloud providers are. In fact, it’s the nature of the beast: Someone else, a third party, has access to your data and is responsible for keeping it secure, at a location other than your business.
Here are some steps you can take to minimize the risk of your data being stolen, damaged or accidentally deleted.
Research cloud providers
Look for providers that are independently certified as following best security practices.
Also, be aware that rules governing data retention, data protection, medical file management and other areas can vary by jurisdiction and country. It’s important to have an understanding of the specific laws and regulations that apply to the services you’re using.
Companies that have applications running in the cloud should make sure the applications are accessible only to the employees that need to be using them. Two-factor authentications require you to enter a short numeric code in addition to your password before you can gain access to an account.
Use encryption to protect cloud files
When moving data to the cloud, it should be encrypted to protect against unauthorized access. Encryption should be in force both when data is being transferred and when it’s in the cloud. Only authorized users should be able to decrypt and read the information.
Monitor who and what devices are using your cloud accounts
Secure web gateways allow IT departments to see how data is flowing in and out of cloud accounts. Also important is protecting all PCs, laptops, tablets and smart phones that have access to cloud data.
Know the rules in the event of a data breach
Be clear about your cloud provider’s disclosure policy should your information be compromised, including how quickly the provider is required to notify you. Disclosure laws vary among U.S. states and among foreign countries. Terms should be spelled out in your initial contract with the cloud host.
Also, if you discover the breach first, you may need to inform the cloud provider, which may have ramifications for its other clients sharing the same server. Having agreed-upon steps in the contract and an incident response plan in place that’s been approved by both parties will lessen the consequences of a breach.