One of the major reasons for the trepidation with moving to the cloud is security. Data security breaches have garnered a lot of attention in the media and rightly so. Breaches are expensive to remedy and, if the breach involved personal identifiable information, a company needs to restore the confidence its customers may have lost because of the breach. This is why before moving to the cloud you need to do your due diligence on the provider to determine the security measures the provider has in place.
Reputable cloud providers will have gone through an information technology security audit such as SSAE 16 (which has replaced the SAS 70), but has your company done the same? The fact is that a company’s data may actually be more vulnerable to a breach than if it was stored in the cloud. After all, data security is ancillary to the business of most companies whereas it is part and parcel to most cloud computing businesses.
More importantly, even if a company is confident that its internal data security measures would pass a SSAE 16 audit, the chances are that your employees are using less secure cloud computing resources without your knowledge. For example, many people use Dropbox or Google Docs store files, sometimes sensitive files, so they are accessible by others or from a location away from the office. These cloud computing options may be less secure than the company’s security measures.
Like the social media policies that most companies have adopted, companies should consider adopting cloud computing policies as well. These policies should include, among others, lists of approved providers, a process for approving new providers, and guidelines governing what information may be used with a cloud computing vendor. An ounce of prevention is always worth a pound of cure.