Inside TDV - The Data Vault Blog
Determining Cloud Control
According to a recent survey of Harvard Business Review readers in large and midsize organizations, 70% said their organizations had adopted cloud computing. Of these, an additional 74% said it provided a significant competitive advantage. This potential for cost savings and increased business efficiency helps explain why cloud use is expected to continue its rapid growth. But there are associated risks with cloud use, and they can be summed up in a single word: control.
When an organization utilizes a cloud service, it gives up a measure of control over the security, availability, and quality of the data it entrusts to the provider.Therefore, before an organization engages with a cloud solution, it should go through the process of gathering requirements and performing due diligence.
Determine Privacy & Security Requirements
However simple or sophisticated the need might be, the focus should first be on what requirements apply to the data that will be stored. Many data security and privacy laws apply to businesses, based not only on their industry but also on the nature of the data. For example: personally identifiable information in the form of 1) medical, 2) credit, or 3) employee records can each implicate different legal requirements. Some privacy requirements apply to particular industries, such as the Graham-Leach-Bliley Act (financial), HIPAA (medical), and the DFARS (defense). Other laws, such as Massachusetts’ data security law, apply to virtually any organization maintaining information on individuals residing within the statute’s jurisdiction.
Perform Due Diligence
Another important aspect of evaluating a cloud solution is determining how secure your company’s data will be. If the service provider will provide simple cloud-based storage and nothing more, an organization might achieve the greatest level of security by storing the data in encrypted form and retaining the encryption key. But in many contexts, encryption of all data in the cloud is not a feasible solution. However an organization chooses to satisfy itself regarding security, those rights and obligations must be carefully documented in the contract. Moreover, organizations should ensure that the security verification process is ongoing throughout the term of the contract.
One related component of this evaluation is learning where the data will be stored physically. This is an instance in which the distinctions between “public” and “private cloud” become important. In a public cloud, the provider typically stores the data of multiple clients on shared physical resources at data centers that are often scattered across the globe. A private cloud implies dedicated physical resources to a specific client, a configuration that should give the client more say over the location and conditions for storage.
The Data Vault Cloud satisfies even the most stringent of requirements, ensuring complete compliance and protection in disaster recovery scenarios. Our expert team works to customize our solution to fit your specific needs, unique to every organization. You can rest assured that our 30+ years of experience is being utilized to allow your enterprise to leverage the potential of the cloud without exposing yourself to unnecessary risks in today’s business environment. Contact us today for a free consultation and information gathering session!