Cloud Security: Part 1
Business Technology | January 18, 2012
The benefits of storing information in the cloud are numerous. Backing up important data, freeing up space on your servers, and having your information easily available to your staff are just a few. If you have been looking into this route, you almost certainly have many questions about the security of the cloud. If your company handles sensitive information that belongs to your customers you may need to stay compliant with HIPAA, PCI or Sarbanes-Oxley regulations.
Is your cloud storage solution following these requirements? If they don’t indicate it in their privacy policies, it’s not easy to tell. Let’s explore this further below.
Compliance
Cloud security has grown to be an important issue recently, as increasing numbers of companies turn to online storage solutions, seeking greater simplicity, scalability and affordability. However the cost in both money and reputation for poor handling of customer data can be extremely high indeed. If your business needs to comply to key regulations associated with patient privacy (HIPAA), credit card security (PCI) or the finance-sector strictures of Sarbanes-Oxley, it can be difficult to find out if a service complies with these important restrictions.
Who is responsible
Cloud security is paramount when handling your sensitive data, but whose responsibility is it? Should you assume that if it is not explained in the privacy policy, that a service provider doesn’t adhere to these regulations? Even though this is clearly the safest option, it may leave you unable to use cloud computing at all. Many services fail to provide detailed information in their privacy rules, possibly to reduce their liability. The hope is that over time cloud storage and sharing will become better self-regulated and companies will decide to disclose their individual practices to the businesses they serve. While such self-regulation is not required currently, many businesses think it is their duty to display clear warnings, outlining what they don’t provide or guarantee.
Ultimately, as there is no current law that states that companies must divulge how tight their security is, the responsibility is in your hands. You must weigh the advantages and disadvantages of cloud storage to decide if it’s suitable for your business.
The benefits of storing information in the cloud are numerous. Backing up important data, freeing up space on your servers, and having your information easily available to your staff are just a few. If you have been looking into this route, you almost certainly have many questions about the security of the cloud. If your company handles sensitive information that belongs to your customers you may need to stay compliant with HIPAA, PCI or Sarbanes-Oxley regulations.
Is your cloud storage solution following these requirements? If they don’t indicate it in their privacy policies, it’s not easy to tell. Let’s explore this further below.
Compliance
Cloud security has grown to be an important issue recently, as increasing numbers of companies turn to online storage solutions, seeking greater simplicity, scalability and affordability. However the cost in both money and reputation for poor handling of customer data can be extremely high indeed. If your business needs to comply to key regulations associated with patient privacy (HIPAA), credit card security (PCI) or the finance-sector strictures of Sarbanes-Oxley, it can be difficult to find out if a service complies with these important restrictions.
Who is responsible
Cloud security is paramount when handling your sensitive data, but whose responsibility is it? Should you assume that if it is not explained in the privacy policy, that a service provider doesn’t adhere to these regulations? Even though this is clearly the safest option, it may leave you unable to use cloud computing at all. Many services fail to provide detailed information in their privacy rules, possibly to reduce their liability. The hope is that over time cloud storage and sharing will become better self-regulated and companies will decide to disclose their individual practices to the businesses they serve. While such self-regulation is not required currently, many businesses think it is their duty to display clear warnings, outlining what they don’t provide or guarantee.
Ultimately, as there is no current law that states that companies must divulge how tight their security is, the responsibility is in your hands. You must weigh the advantages and disadvantages of cloud storage to decide if it’s suitable for your business.