A significant part of planning for a migration to a cloud base environment is an assessment of what information can and cannot, or indeed should not be held in the cloud. The two main threats to an organisation using cloud technologies are loss of access to the cloud host and external threats from data thieves and ransomware attack.
Access and Security are particularly important if the cloud is to be a public cloud, or a private cloud managed by an outsourced organisation providing cloud computer services. The consideration must extend to how the data is managed as part of the of Cloud Backup Service. Live data should not be accessible to third parties, but if data backups are held under less stringent security, they may be more vulnerable to attack.
The organisation needs to interrogate it’s Cloud Services UK provider. Cloud providers are equally likely as anyone else to be the target of hackers and the organisation needs to understand how it will implement and manage an appropriate security environment, including contractual commitments. But please remember and understand that companies can upload information to the cloud, but the ultimate responsibility of protecting that information remains with the company.
In that light, cloud technology is relatively new, and some security issues need to be ironed out. This is particularly true for a small business who is relying on their Cloud computer services provider to define and apply the security environment for live and backup data.
Information may have a need to remain confidential for legal reasons, for business reasons, and for personal reasons.
Before going to the cloud, the prospective user should ask some pertinent questions, and based on the answers decide what can and cannot be held in the cloud.
What You Can Upload
- Web Data. Many companies operate a customer portal providing support services, product information and purchasing.
- Email. Yes and a little bit no. One of the benefits of the cloud is that the employee has access to company services from anywhere, and that should include email. However, the organisation must use an encryption technology like PGP for confidential and sensitive email.
- Basic Data Files. Another significant benefit of the cloud is allowing information to be shared between employees and employee groups wherever they are situated. For example the JIRA collaboration system allows sharing of project team files between distant team members.
What You Can’t Upload
- Litigation, Medical and Personal Information. On top of the privacy laws relating to the storage and handling of legal, medical and employment information, a prudent company will have confidentiality agreements written into employee employment contracts. This may be averted in time with the development of strong encryption protocols that are not yet available and uncrackable.
- Mission Critical Information. However comprehensive the Business Continuation Strategy, any loss of access to the cloud will directly impact business revenue and customer satisfaction. Loss of Access may not include a security breach, but information and systems that allow your business to run every day should not be held solely in the cloud.
- Research and Intellectual Property Data. If a company is dependent on research to develop future products, then critical research data shouldn’t be uploaded to the cloud. If so, then hackers could use ransomware to demand payment for its return on the basis that they could sell it to a competitor. Similarly for data considered as Intellectual Property.
While the Cloud has undoubted advantages from cost and operational standpoints, an organisation considering moving to a cloud basis needs to very carefully consider several issues around data security and continuing business operations following loss of access to the cloud.