Don’t let the cloud rain on your parade
April 1, 2016
This is the eighth in a ten-part series on information technology security from SBAM Approved Partner NuWave Technology Partners.
There are many cloud storage solutions, such as Dropbox, Google Drive, Microsoft OneDrive, Box, iCloud, Carbonite, and JustCloud. Before you put your company’s sensitive data in the hands of one of these services, there are several concerns to address.
The first step with any cloud storage solution is this: do not use their free offerings for company data. There simply is not enough control with the free accounts. If an employee leaves, the free accounts do not provide a way to remove access to data that may be synced to their local drive on a personal computer or mobile device. With a corporate account, when a user is disabled, the data is automatically deleted from any synced device and all access is denied.
The second concern is security. Most, if not all, of these services have had security breaches. In the last article we talked about two-factor authentication, or 2FA. 2FA means using two types of information to log in, usually a user ID and password along with a temporary code sent to a preset cell phone number. If the cloud service’s security is breached, the user ID and password alone will not provide access to the data.
A third concern with some of the services is their corporate stability. Do your homework if you are going to use one of the lesser-known service providers. Make sure they are financially stable.
The fourth issue is to read the user agreement. I know, we like to click “Accept” and move on with our day, but “Your Data is Your Company”. There are several things in the user agreement to be aware of, such as: which state’s laws control the agreement, does the service provider have multiple data centers for redundancy, do they perform backups, can they restore accidentally deleted data, what are the terms of the agreement, what does extra storage space cost, and what type of support do they offer. There are four things that you should make sure are in the agreement:
- Make sure it’s clear that you own your own data.
- Your service agreement needs to stipulate how your cloud provider will respond to a subpoena.
- Your provider needs to make backups of your data and guarantee uptime, with a penalty clause if they fail to meet their obligation.
- Ask for Cyber Risk insurance and look into SSAE16-SOC2 and NIST 800-54 certifications. These are independent audits of industry-standard security procedures.
Most importantly, consult your trusted technology advisor before making any decision about where your data should be stored or any major technology change.