02.08.12
Are There Clouds in Your Future?
Certainly cloud computing is attracting lots of attention, luring smart phone customers to huge corporations. A recent survey asked people if they felt the cloud was delivering value. 41% responded yes, 5% said no, 39% thought it was too soon to tell, and 15% were unsure.
Regardless of where you fall in the spectrum, looking at various aspects of the issue is important before deciding to move to the cloud. It is essential to make good plans to protect sensitive data. Companies should thoroughly investigate “potential cloud providers, provider contract language, what data is stored in the cloud, where the data is actually located and with whom the virtual space is shared.”
Perhaps most important is deciding what data is going to be stored and how that data needs to be protected. One option may be to keep sensitive, personal information off the cloud entirely. “Certain data subject to state or federal regulations may have specific security requirements.” Encryption may be used to protect data stored in the cloud, as long as the encryption key is not stored on the same server.
Investigate the cloud service provider, checking their history, the business and customer references. Ask about their security protocols. They may have audit certifications by a third party to attest to their claims. Find out what type of cloud computing they offer:
· a private cloud - exclusive use by a single organization,
· a community cloud - which might be shared by different companies with shared concerns, such as financial institutions,
· a public cloud - open to the general public, or
· a hybrid cloud - composed of two or more of the above.
You may also want to inquire as to where data centers are located. Sometimes moving sensitive data across borders (especially internationally) can be an issue. Ask about the availability of data “if there is a catastrophe, if the cloud service provider goes out of business or if the user decides to switch cloud service providers.” How vulnerable will your data be if “another company on the same cloud is attacked or if the cloud service provider itself is a target?”
Because cloud service providers generally include little or no liability, insurance coverage is an important issue. Have your insurance broker review your policies to make sure you have adequate coverage for cloud computing. Insurance coverage for cloud users is usually included in cyber risk policies.
From Business Insurance, January 16, 2012 issue, pp. 9-11.