Monday, February 18, 2013
Companies still responsible for security for cloud-stored data
For businesses of all kinds, use of cloud computing is no longer a recommended option - it's a requirement. In a few years, the cloud will likely be seen much the way the internet is seen today: an essential requirement for any successful organization. Already, many consider the cloud a basic necessity, and those that fail to leverage this resource will struggle to remain competitive with their more tech-savvy rivals.
Despite the rapid expansion of cloud computing adoption around the world, however, many individuals and organizations continue to hold misguided notions about what the cloud is, how it works and what its use entails. In some cases, these misunderstandings can have extreme consequences.
One of the most prominent and significant of these mistaken beliefs is the idea that responsibility for data stored in and transferred through the cloud falls on the cloud vendor. In reality, as The Guardian recently highlighted, it is the company that generated and owns the data which retains responsibility for the protection of this information. Failure to secure this data can prove costly.
According to the news source, the U.K. Information Commissioner's Office (ICO) recently published guidelines concerning responsibility in the event of data breaches in the cloud. In these cases, liability rests entirely upon the data owner, not the cloud provider. Effectively, digital data that exists in the cloud is treated in much the same way as physical records that have been entrusted to a third party for transportation or storage. If data or records held by third parties are lost or stolen, that third party will not be held legally responsible.
This is a critical point, especially considering the seriousness of the regulations that surround corporate data protection standards. In many industries, a firm that is judged to have taken insufficient steps to protect client data may face significant fines. Companies may be forced to pay anywhere from tens of thousands to millions of dollars, depending on the nature of the breach.
While The Guardian report focuses on U.K. laws, regulations are much the same in the United States and elsewhere. The status quo is for data ownership and responsibility for its protection to go hand-in-hand.
Obviously, this state of affairs does not mean that companies should avoid using the cloud. Rather, businesses must simply take greater steps to ensure the security of their data when utilizing cloud solutions.
For example, organizations should consider investing in advanced cloud FTP solutions that can protect files as they are sent and received by employees, regardless of whether they are in or out of the office. One of the biggest advantages of the cloud is its flexibility, as it allows employees to access and transfer corporate data from any computer with an internet connection. Cloud FTP tools can ensure that these actions are secure, thereby greatly reducing the risk of a data breach.