Store Your Sensitive Data in the Cloud Securely
In partnership for our May Blog Series, we have joined forces with Cyber SC! Every Wednesday, in an effort to learn more and speak more on the topic of Cyber-Security, we will be sharing a blog from their archives. As experts on the topic, we thought it would be a great opportunity and focus as we head away from COVID-19 and back to some semblance of reality. With things at a vulnerable state, the topic is more important than ever, so, we hope you enjoy! And, a huge thank you to Dominic Vogel and his team at Cyber SC for making this possible!
The following is written by Cyber SC
WHAT IS CLOUD STORAGE?
At its root, cloud storage is online data storage supplied by a third-party provider. Cloud storage lets you store your files, pictures, videos etc. on the server of your provider of choice. The disadvantage of cloud storage is that you don’t have direct control of those files because they’re not saved within your own walls. On the other hand, there are some important advantages, including:
1. Visibility: You don’t have to be tied down to a particular workstation. You can access your files through a secure connection.
2. Bandwidth: It is less confusing to send and receive files. You can just send a link to that file in your drive and provide access to whomever you choose.
3. Built-in Disaster Recovery: Your files are being backed up for you if your computer crashes.
MORE COMMON PLATFORMS
Choosing which reputable cloud storage provider to use is less important than understanding how to securely store your data in the cloud.
Ultimately, it doesn’t matter which of the popular cloud vendors (Microsoft Azure, Google Cloud Platform, or Amazon AWS) you choose — all of these providers have good security measures in place. What matters most is how you configure them so that you’re using your cloud storage securely.
YOUR CROWN JEWELS
Putting online data storage for your organization into perspective of the big information security picture, cloud storage is one important aspect of the technology category. In order to keep your critical data secure, you need to take good care of each of the following cyber security categories: People, Processes and Technology. A common misconception is that when data that has been entrusted to your organization is stored elsewhere, the risk is transferred along with it to the cloud provider. Unfortunately, from a legal perspective, this is not the case; You are responsible for safeguarding this data.
Before you store any data in the cloud, the first step you must take is to be aware of your data. What are the crown jewels, the most sensitive information belonging to your customers, business partners, vendors, clients, and shareholders, in your organization? From there, you must be aware of the risks you face when you choose to store any data in the cloud.
WHAT IS THE UNDERLYING RISK?
The top four inherent risks in cloud storage are:
1. Risk of unauthorized access to your sensitive business data.
2. Legal, contractual and compliance risks such has health care information which can’t be stored outside of Canada.
3. Cloud storage vendor security risks in that the vendor might not have the proper security controls in place.
4. Availability (down time) risks if the platform goes down and you can’t access your files.
HOW DO WE ADDRESS THOSE RISKS?
Firstly, make sure you take the time to go through the access controls provided by the cloud provider to ensure that they mirror your internal access permissions within your company. You can take security a step further by encrypting your files before you store them in the cloud so it’s not being sent as raw data.
Secondly, understand what categories of critical data you have and which files you can store on the cloud. Then, go down the lists of your legal, contractual and regulatory compliance obligations when it comes to where and how you store critical data. This will enable you to effectively and securely manage your data.
Thirdly, if you are considering smaller cloud service providers, take time to do your due diligence on your chosen provider, either internally, or through a trusted third-party expert.
Fourthly, familiarize yourself with your Service Level Agreements with your provider. If the cloud provider can provide up-time to your required level, chances are they can do a better job than what you could achieve in-house. Find out what percentage of up time they are committed to and what happens when there is downtime (i.e. you get money back).
CONCLUSION
The main and most important takeaway from this article is to be aware of your data and understand how to store your files in the cloud securely. In order to experience the benefits of storing your information in the cloud, you need to do three things: Choose a reputable provider, understand the risk you face and take the steps outlined above to address those risks. Doing cloud security properly is the right thing to do for your shareholders, vendors, business partners, employees and customers.