He adds that while training is a critical aspect of compliance, automation should be in place so they can't do anything wrong in relation to file transfers and exchanges between on-premises and the cloud. Many customers he's encountered don’t allow manual file transfer at all.
"It may seem shocking but in the moving of secure data, it's typically to support an established business process of some kind," he said. "If I automate it, that will reduce human error, improve efficiencies, help employees with efficiency and not allow them to send a file to the wrong FTP server in Russia," said Castiglione.
Failures of policy and attention
Richard Stiles, vice president of product development with cloud storage provider StoAmigo, faults the vendors for letting the lawyers dictate the policies. "In most cases, what ends up happening is an attorney will write the policy for the protection of the vendor or cloud vendor and the client suffers because these policies are written to protect the vendor. They list things like how they are not responsible for down time, not responsible for data loss, and so on," he says.
He also says most cloud storage companies take a hands-off approach when it comes to storage. "Let's say I upload something to my cloud storage. That vendor that is selling me storage doesn’t part care what I'm putting in that server, all they care about is how much space I'm taking. There is no monitoring of the quality of the upload or download and no guarantee of checking for corruption between sender and receiver," he says.
And that especially goes for cleaning up your old data stores. Don't expect your provider to do that for you, nor should you want it to. "I can't imagine a client being ok with a third-party poring through their digital content in the cloud for them. Anyone who cares enough to back it up on cloud storage will have some expectation of privacy for the content," Stiles says.
Cloud storage providers don't get involved in data management, so once it gets to the storage repository, it sits. The host is not in the loop on the management of the data once it gets there because, quite frankly, the data is none of its business. So storage management, including deduplication and removal of old data, is your responsibility, not your provider.
"It all starts with the company," Stiles says. "They have to determine the value of the data. For some companies, the data is not that important, while for others, it's their life blood. People who use Facebook don’t care about their digital content. But if you are an attorney or a photographer, managing content is your life blood. So it all starts with the client."
Sign up for CIO Asia eNewsletters.