Keeping up with worldwide privacy and security challenges is very much like the experience (I can imagine) of a shrimp on a treadmill—or as the white rabbit from “Alice in Wonderland” said, “You have to run very fast just to stay where you are!”
Cloud computing offers many advantages to technology providers and their customers; allowing companies to invest much less in infrastructure and resources that they must host, manage, administer and maintain internally, and instead allows them to invest in the advanced applications they build on an externally hosted and fully redundant environment.
However, as government agencies and companies embrace the costs savings and benefits of the cloud, they remain focused on ensuring that their private and sensitive information is protected and fully secured.
Enterprises have significant concerns about storing business data outside the walls of their enterprises due to non-employee IT administrators possessing a high level of access and control over information; available technology options to secure and manage user access and authentication; and even intentional or accidental actions of employees or contractors.
In order to ease their fears and allow them to confidently utilize the cloud, organizations should consider the following:
1. Understand what sensitive data you have “on premise” before you decide what to move to the cloud
2. Make sure your policies and practices are reasonable and enforceable; then extend them to the cloud
3. Put an auditing solution in place to measure and monitor compliance
4. Ensure that your cloud provider has sufficient security and privacy controls, and validate this with regular reviews
5. Realize that it is no longer a question of if you are going to go to the cloud but what you are going to put in the cloud, and budget security and privacy controls appropriately. This means your training should already address cloud-based storage and applications as well as on premise systems.
As government agencies and businesses alike move their applications to a cloud-based infrastructure, they must understand and fully review the associated privacy and security considerations.
Privacy is a global issue and one thing is certain—even if you build software applications to serve a very specific market segment, you cannot ignore privacy as a fundamental issue that citizens will demand.
Dana Louise Simberkoff is the Senior Vice President of Risk Management and Compliance at AvePoint. She is responsible for executive level consulting, research and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts and solutions for risk management and compliance.