The term “cloud” has been applied to all sorts of online or Internet-based application models, and there are a great many approaches to developing cloud-based services and solutions. What this translates to is a volume of options and possibilities for information storage, management, and access in the cloud.
Understanding where information is stored, how it may be accessed, and how it might be transmitted to others becomes essential knowledge that business owners should have when they engage with any information technology (IT) solution or service. Yet the plethora of “simple, affordable, and instantly gratifying” services currently available on the web all but ensure that businesses will engage with one or more solutions that provide them with little or no information (much less control) over the placement and management of their data.
It Used To Be So Easy
With previous technology models – those that are rapidly becoming “legacy” in the minds of technology professionals – data management and locating business data were fairly straightforward. It was all right there . . . on the hard drive in the server, and the backups were stored on tape. All of it was either in the office server room or closet, and perhaps a backup tape was rotated “off-site” on a weekly basis (off-site often meaning a drawer in the home of the business owner or IT manager). Most businesses felt their information was as secure as it needed to be, and as long as the tape drive was functional, the backups would work just fine.
With remote and mobile computing leading the charge, businesses are now finding that information – data in a multitude of forms and formats – is being replicated, synced, copied, and ported around like it’s everybody’s business. For reasons of simplicity and enabling workers to get work done without having to bother the IT team (bother = consult, in most cases), valuable company information is wandering around and through numerous networks and systems, often without the user even realizing it. It’s just that simple – which makes it pretty scary, too.
Data Storage in the Cloud Makes It More Complicated
Even though hosted applications, software as a service (SaaS) solutions, and cloud server hosting offerings are all built from actual computers in actual networks, the ubiquity of the cloud in many ways obscures the view into where services and data storage are actually provisioned from, often removing the ability of the business to understand at any given moment exactly where information may be stored.
More concerning is the practice of developing application and data integrations, which may benefit customers, but which are introduced without the customers being given the choice of sharing their data with another system or not. A “connected ecosystem” of applications and services can provide some of the benefits that legacy enterprise resource planning (ERP) and similar frameworks provided, and may even provide customers with a modicum of choice in terms of selecting integration partners or providers. Quite frequently, however, data sharing occurs without customer knowledge or specific consent, challenging even the most capable IT and risk managers.
Know Where Data Is Now and Control Where It Goes Later
Data management in a cloud and mobile computing business is a challenge that isn’t going away. And it’s not enough to simply know where the data is stored; it’s essential that the business understand the possibilities for accessing the data – by users, by other systems, and even by other cloud-based applications – in order to quantify and manage the risk associated with business data storage in the cloud.
The best way for a business to approach the problem is to:
- Establish a set of questions for each provider,
- Understand each provider’s security policies and certifications, and
- Delve deep into the service-level agreements to ensure the specific services and coverage a business needs are included.
Additionally, knowing what information is available for access to mobile users and devices is essential. Device and access (mobility or bring your own device [BYOD]) policies should be in place, and adherence should be monitored closely to help ensure protection and privacy of business data.
It’s not enough to simply assume that data is secure and users are following policy. Businesses must take active steps to ensure their users and service providers alike are meeting the established requirements to keep business information in the cloud secure.
© 2014 by Joanie Mann