Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Three's a cloud

Joe Lipscombe | April 10, 2013
There are many circumstances that can arise with the result of your data falling into the hands of a third-party provider, such as vendor acquisitions, mergers, or outsourcing toSaaS. The risks surrounding data in the cloud will rise and fall significantly if your business is not on top of the regulations regarding data ownership.

"There are constantly new ways to reduce the chance of data disclosure. Physical access can be made even more secure, and the technology exists to reduce cyber access to someone else's data. The trade-off is always the inconvenience to the legitimate consumer of the data. In that sense, it's really a question for the corporate customer to decide."

Webb raises the topic of mobility and BYOD, and how employees wanting to embrace this trend need to be properly considered if the company wishes to move into the cloud.

"To minimise the risks of moving into the cloud, businesses need to be clear on the use of 'identity' to control access to cloud-based applications and services," he says.

"This is especially true when these services are accessed via mobile devices which are owned by the employee, which is increasingly the case. By thinking carefully about the role of identity and access controls, each employee's access rights can be more easily set to the appropriate level and therefore IT can help prevent sensitive information from being accessed in an insecure way."

If worse comes to worst

Unforeseen circumstances may appear for enterprises that will have them worried about their cloud-based data. This could then quickly lead to the need to remove and retain corporate or sensitive data from the cloud. Contractual agreements will have policies in place surrounding this type of action. Webb says that this situation can be very sensitive.

"Recovery of data from a cloud service is always a sensitive subject and must be addressed in the service level agreements and contract," he stresses.

"The real risk is that the service provider may not adequately destroy data on systems (and in back-ups and images of virtual machines) and therefore the data continues to represent a risk to the organisation long after they have terminated their relationship with the provider."

Third-party agreements in cloud contracts can pose obvious complications, as outlined here. As the experts have outlined, a fully fledged investigation into all parties involved is highly recommended.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.