I posted a question (view the question on LinkedIn) regarding the safety of the Cloud on LinkedIn and received some really helpful and interesting answers from experts in the area of ‘Cloud Computing’. This post features the question along with a few of the most interesting answers received.
Question: With all the security measures in place (as Cloud advocates boast), how safe is the cloud for storing regulated content?
Answer by Iain Mars (view LinkedIn profile): With data being accessible online, there’s always going to be a concern with how secure the data is, but you could ask the same question with how secure is online banking? As long as you take the necessary precautions with your cloud storage or backup, you shouldn’t have any reason to be concerned about security.
Answer by Francesco Morini (view LinkedIn profile): As an entity outsourcing storage of regulated data, it is hard to understand how a cloud storage service provider (let’s abbreviate it to SP – after all, they must still be considered as traditional service providers) will protect the data being handed over to them.
From personal experience, I’m pretty sure that any SP will be happy to provide its potential customers with tons of paperwork describing the entirety of features and processes implemented for ensuring their content’s security – the issue lies behind considering what they say trustworthy.
It was hard enough to verify security for traditional third party data storage services – the Cloud multiplies such complexities at an exponential rate!
Having said this, the cloud may be both as secure and insecure as any other storage option – either internal or outsourced. It all boils down to how it is managed.
Many regulatory standards allow outsourced storage of regulated data, providing that the SPs be selected using pondered and logical approaches.
In addition to this, it is advisable (and in some cases mandatory) that the company outsourcing data storage set forth the rules of engagement – meaning to define Service Level Agreements which specifically require the use of specific security processes and controls.
Whilst this does not automatically ensure the data’s protection, it does force the SP to do its best in delivering effective security.
Again, it is advisable (and in some cases mandatory) that SP processes and operations be periodically verified (or audited) by their clients to ensure that the service level agreements are being truly respected – due diligence and continuous monitoring of the SP’s performance is crucial in ensuring the data’s protection.
Answer by Vincent Maiello (view LinkedIn profile): The jury is still out on storing regulated content in the public cloud, although private cloud usage is on the rise. The key is to appropriately classify your data and develop a strategic storage plan that aligns perfectly with the business requirements and use cases along with the catalog of services offered by an IT department. Going to the cloud, particularly with regulated content, should be a highly managed transformational activity that takes this all into account. Many organizations are going to the cloud without a plan, which is a big mistake.