There is a lot of buzz around Cloud and the privacy (or perceived lack thereof) of an organizations data in shared environments. We see organizations going through what some may call extreme lengths to ‘protect’ their data in the Cloud. In a lot of cases, some of these security protocols and standards requested go well beyond the level of security the organization itself employs to protect its own data.
This got me wondering, is this necessary in all cases? Granted there are quite a few situations where all possible steps must be taken to ensure the integrity, security and privacy of data. However, in a lot of cases, it seems that the steps being taken are too cumbersome, and in some, counterproductive.
I ask myself how organizations protect themselves from the more real threat of data loss and compromise in everyday scenarios.
Take, for example, cleaning staff who are regularly in contact with files, data, and even have physical access to IT equipment. To what lengths are security protocols followed here? Are background checks completed and validated by the organization? Do companies have the right level of security and management protocols in place to restrict access and validate integrity?
The question must be asked: Are the everyday activities of employees secured in the same fashion that one would like the Cloud to be?
I would garner from experience, that they are most likely not protected at anywhere near a level that Cloud services are required to be.
Most Cloud providers have security standards in place that meet or exceed internal IT environments. They follow industry standards and accepted certifications including SAS70/SSAE16 and PCI, and controls such as Cobit and ISO. These standards are rigorous and difficult to implement for most organizations. Cloud providers are typically built from the ground up to encompass these controls and requirements.
Intrusion detection, security reporting, and 24/7 monitoring are a few of the ways Cloud Services keeps your data and business safe.
I ask you to think about these and other related services. Ask yourself what level is appropriate to balance the risk/return on investment, and evaluate the benefits of using such outsourced services.