Data Security - Part 4 - Cloud or Cloudy - Secure Sensitive & Confidential Data

TECHNOLOGY

July, 2018,Posted by: V

Data Security - Cloud or Cloudy

This is the fourth of a series of articles on data security.

CLOUD OR CLOUDY

More and more businesses are enticed and elect to move their critical production systems to the cloud. Hardly any homework has been done and there is very less awareness on what it entails. Most do not realize that hosting your critical software and data on the cloud means moving your lifeline to a remote server with minimal controls, hyped promises and no understanding on how the data is stored, accessed, backed up or replicated across the country or the continents.
Hosting on a cloud service is like giving the keys of the kingdom to someone else.
Having mentioned that, cloud hosting is probably the most effective and “safer” solution for most businesses, from small to large. There are indeed distinct advantages on cloud hosting.
Since we are on the subject of data security, we will continue on the topic on how this can be best achieved with a little homework and diligence.
If considering to move your systems to a small or smaller company providing hosting services, ask the company to provide details on the education, training and background checks for all individuals who can access the data servers. Is your system and data hosted on exclusive servers or shared with their other customers. Is it affordable to have exclusive cloud hosting for your data? What physical to digital and electronic processes are in place to secure your data on the cloud. How are the backups taken and where are they stored? Are the backups encrypted before they are taken or while the data is moved from your system to their backup systems? How are the backups stored and what is the retention periods? How are old backups or remnants of old servers destroyed? Does the cloud hosting vendor destroy the physical drives or just deletes the files and re-purposes the servers for another customer who can now use tools to recover your data?
If you consider to move to one of the well-known giants like Microsoft Azure or Amazon AWS, you can and should still know exactly how they move and store your data as well as control the transfer and backups. Does the provider backup your data outside the country or across the geographical locations? Do you have the access to the backups to destroy old data or does the company have a structured routine in place to do so and provide confirmation? Be aware that both Microsoft and Amazon, and probably other larger hosting providers too, have Government cloud hosting which is supposedly isolated from the regular commercial network and the data resides within United States only. The government cloud has additional restrictions to conform to the regulations.
Creating a Compliance Officer position adds a huge value to your organization. Hire an expert on the payroll who is involved in business decisions and helps contain breaches.