Do you know where and how your cloud provider stores your data?
“The moment your company’s data lands on a cloud storage device in another country, it is subject to the privacy and transparency laws of that country – has your legal right of access headache just begun?”
I’m a little fascinated, but mostly miffed, with small to medium sized enterprises (SMEs) who do not insist on knowing where and how their cloud provider holds their data and who has access to it.
Please don’t sit there, I say to software-as-a-service and data center sales people, and tell me your company’s data and worse, my company’s data will be safe, if you can’t or won’t prove where the data is held, how it is stored, and who has access to it. But still they try to convince me anyway.
The following are key steps to ensuring successful data control in the cloud:
Take a step back.
The benefits of the cloud to an SME are real; the model gives you a compelling pay-as-you-go arrangement for a wide range of accessible IT and data processing services. It is faster, cheaper, flexible, and more agile and elastic compared to traditional non-cloud IT models.
So what’s the problem?
The cloud is a ‘distributed environment’ of connected servers that distribute and execute data-processing tasks. It is the location of these servers, whether they are dedicated to your business or a shared business service, that poses risks to the data of small and large companies alike.
Servers are housed in large multi-million-dollar data-centers, owned and managed by large companies whose location and dominant markets influence where they hold both your primary and back-up data – you rarely get to choose where they hold your data, and if you do it’s usually at the continent level.
In the worst-case scenario, even if your company has strict data privacy policies there are few if any laws to prevent a cloud provider spreading your data across the countries in which it operates as it optimizes and balances the operations of its hosting infrastructure.
And the moment your company’s data lands on a storage device in another country, it is subject to the privacy and transparency laws of that country. Has your legal right of access headache, and possibly worse, just begun?
Your data may rest on a shared service alongside competitor’s data, should their data be compromised there little you can do to stop your data from being accessed – that door was opened the moment you allowed your data onto a shared device.
So, what’s the solution?
Before you outsource company data services to a cloud service provider, our advice is to identify and mitigate – as a minimum –the 10 risks below, and most importantly, choose a provider who will prove where and how your data will be held.
Sensible due diligence now may save you a lot of time, money and pain later.
Check the following 10 points against your internal privacy, risk and quality plans, even if you haven’t gotten around to writing these, check the 10 points anyway, it’s your data and that of your customers at risk.
- 1. Will my company data be held exclusively within the country of origin?
- 2. Where will my company’s data be backed-up to? See point 1.
- 3. How will data redundancy (data duplication) be handled?
- 4. How will data loss be prevented?
- 5. How will data leakage be prevented?
- 6. How will data exclusivity and privacy be upheld?
- 7. How will deleted data be erased?
- 8. How will data protection be ensured?
- 9. How will data encryption be ensured?
- 10. How will secure transmission of data be ensured? .
And lastly make sure your data will be available when you need it.
Ops-on-Demand provides managed hybrid and private cloud infrastructure and IT services, and rather than seeing the above points as a barrier to cloud adoption, we believe quite the opposite – they are our strategy for cloud adoption.
We ensure that we and our customers are in control their data at all times, and that it will be available whenever it is needed.