Cloud Nine: Managing your Business Data Security Risk


If you were on the Internet at all in January of this year, you may have seen some hype surrounding two US bills: SOPA and PIPA. The folks in Hollywood said these bills were about fighting piracy; their neighbors in Silicon Valley claimed they would infringe on free speech and “break” the Internet. At the moment these bills have been tabled.

But there’s another story about Internet piracy and online data that hasn’t garnered quite as much attention in the world at large, though it may be more relevant to the average small business. On January 19 the US Justice Department took a website called MegaUpload offline in response to charges that it was complicit in piracy. This website wasn’t a file-sharing system like Napster: it promoted itself as a legitimate “cloud” service to users, and a number of them have become worried that their legal digital property is now lost forever.

The Cloud Dilemma

This whole debacle sheds light on a critical aspect of cloud computing for your business: data security. It’s a world of extremes. On the one hand are businesses that refuse to trust any sensitive information to the cloud out of security fears, and on the other are those who embrace it without a thought to how to secure and verify their data.

It’s important to remember that the sky isn’t falling. MegaUpload was targeted by the Justice Department because the site allegedly obstructed efforts to take down illegal content and rewarded users who uploaded popular content for download. The terms of service users agreed to included a clause allowing the website to cancel service without notice. This situation is not symptomatic of the large majority of legitimate cloud providers.

However, based on the furor raised by users and small businesses who now face MegaUpload data loss, this situation does point out how many of these users failed to properly research and vet cloud storage options before trusting this website with their data.

So, if your business is considering a “trip to the cloud,” what steps can it take to avoid a MegaUpload-sized mistake?

Stairway to Heaven

One, take things slow. Ignore the hype and make sure your business takes the time to really think about whether it needs to fully embrace the cloud, go hybrid, or wait a while. Cloud computing is not a one-size-fits-all market. Research how your competition has handled this field; their successes and/or failures can help inform your decision.

Two, consider your security risk. This step applies even if you don’t think your business needs to invest in (or engage with) the cloud. Do your employees email sensitive documents to each other rather than download them from a central (“cloud”) space? That’s a security risk multiplied, since your email server now has multiple copies of this file floating around. What about downloaded information on a lost portable device? These security risks are real and your business needs a plan in place to securely manage document sharing, regardless of whether or not it chooses to engage a cloud service.

Three, thoroughly investigate vendors and their service agreements. Choosing a free or super cheap option may seem like a bargain, but what other costs does it entail? Will your data be used for advertising purposes, or will the service potentially have outages without notice? How much support does the cloud service provide, and what guarantees does it make? What’s the company’s track record with data outages?

Four, make a decision and manage for the risks involved. Your business may decide to build its own private cloud if it has enough manpower and resources at its disposal, or it may decide the cloud needs more study and wish to engage the help of a trusted provider to wade through the options available (we at Cii Technical Services would be glad to help!). Regardless of what choice is made, though, security risk will still need to be managed. That includes spending time training your employees on how to securely work with your company’s and clients’ data.

Conclusion

If you’re considering a cloud solution, ZDNet blogger Phil Wainewright wrote a great article on the subject with helpful tips called “Seven lessons to learn from Amazon’s outage.” Also check out these tips over at our partner Egnyte HybridCloud’s blog.

If you have specific questions on cloud security and risk management, feel free to contact us.