By Andrew Soddy Sales Director: Mimecast
Cloud computing services, like many new and exciting technical offerings, can be both risky and beneficial to businesses. Although executives and IT managers alike are growing increasingly interested in the perceived benefits attached to off-premise or hosted solutions – particularly the reduction of cost and complexity within corporate IT environments, this emerging sector is still highly unregulated and as a result is susceptible to lack of accountability.
“In the rush to take on cloud services, many businesses are not slowing down to ask the vitally important questions about how and where data is stored,” says Director of Sales at Mimecast. All too often, technical managers simply accept that their mission critical data is safe. In reality, a distinct muddying of the fine print in service level agreements places the onus on the customer to take responsibility.
How then, in the face of rising uncertainty and unclear expectations, can businesses protect sensitive information stored within the cloud? The first, and most critical step, is to comprehensively audit your chosen service provider. Always ensure that you have a good understanding of your responsibilities as a customer and seek out references wherever possible.
The vast majority of reliable cloud solutions will include service level agreements and may, in fact, be officially certified. The goal should be to ensure that all customer data is kept safely guarded at all times. This is a good example of the warranties one should seek out when selecting a viable cloud option.
An agreement that details cloud security particulars is also critical. Mimecast, for instance, stores all information in a fully encrypted and secure archive. When investigating cloud service offerings, businesses should take care to investigate such details.
In the event that corporate data is lost or leaked, the Protection of Private Information (POPI) Act clearly states that the company is to blame. Seeking out a trusted and established cloud provider can be an effective safeguard in a circumstance of this nature.
Indeed, cloud security risks often emerge within the organisation. The advent of popular consumer grade cloud storage solutions and the popularisation of BYOD (Bring Your Own Device) have made it far easier for staff to permanently remove, duplicate or share sensitive data with unwarranted parties.
The implementation of several unrelated cloud service offerings only serves to exacerbate the challenge. Commonly referred to as data fragmentation, this practice poses a significant risk to cloud security. Combatting this trend requires the adoption of a common cloud platform that ticks all the boxes.
In conclusion, an important aspect of effective cloud security is protecting mission critical information. When seeking out a cloud service provider, it is absolutely vital that corporate entities accept no less.