The Cloud. That big, vague entity where a lot
of us are entrusting our information has lifted a huge burden off of businesses
by alleviating the need for expensive onsite hardware. It makes user management
a little more user friendly. It keeps us connected and in communication no
matter where we are.
It’s pretty great, right? With every silver
lining, there is a darker, more dreary side. For cloud computing, it’s the fact
that, like all technology, it is not inherently secure.
The Cloud is (Basically) Just Someone Else’s Computer
When you connect a computer to the Internet,
you invite outside entities to try to infiltrate it. Viruses, malware,
unpatched vulnerabilities, and other threats can creep onto an unprotected
device and take over. This could lead to data theft or data loss. That’s why we
all know to use antivirus and avoid using outdated software. That’s why we
don’t install random software or visit sketchy websites. I’m pretty confident
my reader base knows the drill here.
The cloud is essentially no different. It’s
just a computer or an array of computers connected to the Internet. If it isn’t
properly protected, it can be compromised.
If you use Google’s G Suite platform and your
email is handled through Gmail, and you are storing files in Google Drive, then
you are simply using Google’s computers to do so. If you are using Microsoft
365, then you are storing your email and data on Microsoft’s computers.
*Side note, I miss being able to refer to anything related to Microsoft as
belonging to Bill Gates. I’d love to be able to tell clients that they are
using Bill Gates’ computers to store their Outlook. Maybe I just still haven’t
come to terms with the fact that he stepped down from Microsoft back in 2006.
The point is, while we can typically trust
these massive services to handle our data correctly, we still need to be aware
that we are depending on them to do so.
On a smaller scale, you might use a local web
hosting company, or you might pay to host a server at a smaller data center.
The same applies - you are relying on this third party to keep you safe.
My gut tells me to be skeptical whether I’m
entrusting a major corporation like Microsoft or a small company with a data
center, but at least with Microsoft I know that millions of others are using
the service.
The Cloud Isn’t Always the Fast Path to Compliance
Complying with industry standards like PCI DSS,
HIPAA, and the GDPR can be a big undertaking, especially for smaller
businesses. Often, a nice big step towards compliance can be to rely on a
third party that focuses on hosted environments that meet those compliance
regulations. This means that moving towards the cloud is often a win, but you
need to read and understand the fine print before you simply pull the trigger.
For example, let’s say you are storing names
and credit card numbers. You absolutely need to keep this data encrypted and
control who has access. If your cloud host can get around that and employees
can access the data, you might not meet certain compliance requirements.
When it comes to protecting the data of your
customers, there are a lot of moving parts and considerations, so spending a
lot of time upfront to ensure that your cloud solution can handle this, AND
doing regular checks, will have to become a way of life.
Like Anything Else, It’s Only as Secure as Its Weakest Link (Sorry, End Users)
Ever play Jenga, where you have to carefully
pull blocks from a stack while trying to prevent the entire tower from falling
over? Each time someone picks at it, there is a greater risk of the whole thing
toppling down. The more hands that get involved, the more likely it is that
things will go wrong faster.
Security is like that too. An end user could
accidentally share a folder or set it to public. They could have a weak
password, or use the same password on multiple sites. They could lose their
mobile device and inadvertently give someone else access to everything.
Fortunately there are policies and settings
around most of the obvious threats these days, but whether or not they are
enforced is a whole other thing.
Who’s Responsible For Protecting My Cloud Hosted Data?
When it comes down to compliance, it’s really
up to you. YOU have to protect the sensitive information of your employees,
your customers, and your prospects.
That doesn’t mean you are alone. The IT security experts at Emerge can help audit your IT, whether it is onsite or in the cloud, and help you meet compliance requirements. We take protecting the sensitive data of you, your staff, and your clients very seriously.