In a recent blog post for Forrester Research, analyst Mike Gualtieri remarked that the security of cloud data storage services can be negated by a single careless programmer (http://bit.ly/T3AFSS). Dropbox has famously fallen victim to this problem.

Cloud data storage services are another form of outsourcing, and as such, client companies are incredibly reliant on the actions of the outsourced organization (and their staff) for data governance and security issues. At the same time, the liability for the data remains with the client company. You can outsource the function, but you cannot outsource the liability, which means a single misstep by your cloud provider -- as Gualtieri says -- can obliterate your company’s reputation.

Gualtieri goes on to say, “…don't just tell me about your authentication and encryption for file access, transfer, and storage. Tell me how your testing processes will catch coding errors that could compromise the security of my files.” Beyond coding errors, organizations have already invested time and money in authorization processes (including regular entitlement reviews), classification technologies, disaster recovery, and other controls.

Without processes, controls, and testing that are comparable to those found in today’s data-driven organizations, outsourcing of data management to a cloud provider is a dangerous game. In the UK, for example, a slip-up could well land you with a data breach penalty of up to £250,000 from the Information Commissioner’s Office.

Besides putting your cloud provider through a comprehensive vetting process, these risks may be easier to mitigate by opting for technologies that enable businesses to keep their data on their own servers, using existing permissions, policies and procedures, while providing the same end-user convenience.