Companies are beginning to entrust their data to third-party cloud computing services -- but that strategy comes with certain risks. Here's an overview of some of the most critical issues to keep in mind.
As virtualization technologies become increasingly popular, more and more businesses are thinking about using cloud computing for disaster recovery. Experts in the field believe there are many advantages in embracing this solution -- however, there are also some potential threats to take into account.
When considering cloud computing services, organisations need to look at the possible risks to their information assets and evaluate how a third-party supplier will affect the confidentiality, integrity, and availability of their data. Here are five tips on how to deal with the main challenges.
1: Risk assessment and asset valuation
Right from the outset, organisations should try to determine the greatest risks to the business and identify which information assets are too important or too sensitive to hand over to a third-party supplier to control.
2: Smoke and mirrors
To overcome the risks associated with choosing a new supplier, it's a good idea to carry out due diligence. Find out all you can about who you will be trusting with your information. Review the supplier's facilities, processes and procedures, and references. Check to see whether they're ISO 27001 accredited.
3: Migrating information
Once you decide to partially or wholly move data/systems to the cloud, the biggest challenge is ensuring a seamless migration to the external provider's service. This is a delicate step. If dealt with inadequately, you could face data loss, leakage, or downtime, which could prove extremely costly to the business.
4: Service level management
When businesses trust third parties with their vital corporate, personal, and sensitive information, it is important to set up structured SLAs, confidentiality agreements, security incident handling procedures, and reporting metrics. Above all, you must ensure that the supplier provides compliant, transparent, real-time, accurate service performance and availability information.
5: Retention and disposal
Depending on the policies and regulatory requirements applicable to the business, one of the main challenges with cloud computing is making sure the corporate retention policies are enforced if the information is located outside the company's IT network perimeter. Obtaining certificates relating to the destruction of data is one thing, but proving that information identified as sensitive or personal is kept only as long as necessary is another. With the economies of scale often associated with cloud computing, total adherence to the retention policies of individual companies may prove difficult if resilience, backup, and snapshot technologies are employed to safeguard the environment from outages or data loss.
David Cowan is Head of Infrastructure and Security at London-based IT Service provider Plan-Net.