The benefits of cloud storage seem to far outweigh the risks, making cloud storage an attractive solution for the growing number of enterprises moving business information and customer data to cloud storage.
Among the main advantages of cloud storage are drag and drop file transfers, file accessibility from any device, cloud file linking capability, the relatively inexpensive cost, and off site storage for disaster recovery.
However, understanding the hidden risks is essential when choosing a cloud storage solution for corporate use.
Does your corporate cloud storage ensure the confidentiality, integrity, and availability of your business information and customer data? If your organization is planning to implement, Dropbox, AWS, Azure, Office 365, or similar cloud storage solution, consider the following variables.
Control & Security
Cloud storage providers have complete control over your stored information once it’s on their servers, including where and how your data is stored, and who can access your data.
Your expectation should be that the cloud service provider will, at a minimum, protect your business information and customer data as effectively, and with the same level of care, that your organization extends. Cloud provider oversights and threats such as misconfigurations, server permissions errors, a rogue insider, a careless employee, and/or a data breach, put your information at risk.
Carefully review the cloud storage provider’s control and security protocols, and ensure their effectiveness, before entrusting them with your valuable information.
The cloud storage provider must utilize current, effective authentication and authorization processes that minimize the risk of unauthorized access to your data. Multifactor authentication makes it more difficult for your cloud service provider credentials to be stolen. It also helps to prevent unintentional access by unauthorized employees (both current and former). Properly securing cryptographic keys and changing the keys periodically is also critical. Weak APIs and interfaces put your data at risk.
Some, but not all, cloud storage providers use end-to-end encryption. Business information and customer data stored on cloud provider servers must be stored encrypted. It’s imperative to institute “data at rest” encryption prior to data transfer to the cloud, and to ensure the cloud storage provider continues to store your data in an encrypted state as well. Furthermore, unless all of your information is encrypted before it is sent to the cloud, your business information and customer data is at risk during the transfer.
Unless the cloud storage provider stores your information in a private cloud, your information is stored on a server with the data of other users, which increases the risk that your data can be compromised. The security of your data becomes subject to the risks imposed by an unknown and uncontrolled entity. If you do opt for a corporate cloud storage solution, private cloud storage is the optimal choice to avoid unnecessary risks.
Legal & Regulatory
Being aware of the legal posture of the cloud service provider, and carefully considering the potential ramifications for your business and your customers, are an important part of the decision process. The cloud service provider must protect your legal rights and ensure they take legal responsibility for their failures to comply with regulatory requirements.
Careful review of the cloud storage provider’s data breach history, hacking hardening and overall cyber security program should be part of the corporate cloud storage provider selection process. As information repositories, cloud storage providers are at an elevated risk of hacking. The potential reward for a hacker is significantly higher because of the sheer volume of accessible data.
The risk of unauthorized government access, or access without your knowledge, is removed if your data is securely stored in-house. If your business information or customer data is stored outside of the United States, the risk of nation state sponsored economic espionage should be considered as well. Data security laws vary by country, so careful consideration of the related risks and ramifications is important.
Outages & Continuity
Weighing the benefits of cloud storage against the risk of inaccessibility should be part of the decision process. While off site cloud storage can be beneficial in times of a localized disaster, the opposite is true if your cloud storage provider is affected by a natural disaster that results in your data becoming inaccessible. Internet connectivity issues can leave your business information and customer data inaccessible from cloud storage as well.
Secure Cloud Storage
Secure cloud solutions should utilize the most advanced technology and processes to monitor, secure, and protect your business information and customer data.
- The latest encryption and communication protocols
- Fast threat detection (within 24 hours, not 7 months)
- On-line safe room (with only one way in and one way out for your data)
- Virtual servers and live databases for isolated testing, research and development, or disaster recovery
- Advanced protection from Distributed Denial of Service (DDoS) attacks
- Endpoint security integration
- Cyber counterintelligence experts who become trusted advisors, monitoring your organization’s risk posture and performing continuous advanced malware monitoring
While cloud storage is a popular method of storing critical data, it is not without inherent risks. Minimizing corporate risk by using a secure cloud storage solution for business information and customer data is key to effective cloud data security.
When selecting a cloud storage provider for your business, it’s vital to carefully weigh the risks versus the anticipated benefits. Carefully vetting the cloud storage provider can help your organization avoid the legal, regulatory and/or financial ramifications resulting from inadequate controls, unauthorized access, and lax cyber security.