I was discussing the use of cloud applications the other day with a friend and client of mine, an attorney, when he struck upon the essence of what should always be the chief concern of anyone considering cloud applications for their business: who owns the data? In other words, if you’re going to entrust your data to someone else, what is the status of YOUR data on that provider’s servers? Taken a step further, who is responsible for that data if it is compromised, and who could be liable for that loss? He went on to say, “As an attorney, I see businesses come and go with great regularity. How can I be sure that, if they go bankrupt or suddenly shut their doors, my client information won’t just disappear or wind up in the hands of someone outside of my control?” That is the very heart of the issue of using cloud providers.
I’m surprised every day by the business people I meet who don’t do their due diligence on data ownership in the cloud before turning over custody of their critical business information to someone they've never met in person.
There are several key questions that every organization should ask any cloud vendor before moving their data to that provider:
1. Where is my data housed? (State and national laws and jurisdictions vary drastically.)
2. Is the vendor hosting the data themselves or contracting with a 3rd party facility? (The answer might surprise you.)
3. What level of security is in place there?
4. Is my data encrypted on that server? What level of encryption? (If their facility is compromised and your data isn’t encrypted, YOU could be liable for loss of client information.)
5. How do you download backup copies of your live data? (If they close their doors, you could lose it all.)
6. What is the SLA (Service Level Agreement) for uptime and data availability? (What’s their service availability, and how will they compensate you if they don’t live up to that agreement?)
7. Do they have a fail-over system in place in case their primary server fails? (If they go offline, what provisions do they have to get your data back up and running?)
Of course, there are other operational business questions that should also be asked and that may be unique to your organization's business needs, but these are the core questions to ask to ensure your data remains secure and available, and is still yours if something ever goes wrong.