Location Risk Monitoring

How Secure is Your Data in Third Party Cloud?

Written by Shivaraj K M

Application of cloud and related services has become so ubiquitous in recent years that almost every company uses it in one form or the other. Even everyday productivity and collaboration applications such as Office 365 or G Suite are based on cloud technology.  Yet, one of the least spoken about data security threats every company faces today is the protection of data in cloud.

What’s in it for businesses?

Cloud allows companies to push their data and applications onto a third party service provider. Companies do not have to invest in their own hardware which may become obsolete in near future and they can leverage ‘pay-as-you-go’ (PAYG) depending on the usage. The company, depending on the number of users/requests, can change its resources as it is owned by a third party service provider. With this, even the small- and medium-sized enterprises get access to technology that was exclusively available for big firms.

Companies deploy cloud services either on public cloud or private cloud. In public cloud, servers and storage are owned by third party service provider and the entire infrastructure is shared by different organizations, whereas in private cloud, the computing resources are exclusively used by one company.  So, in a private cloud network, the user has higher control and can employ higher security measures. For this reason, private clouds are often used for mission critical and highly sensible data and public clouds are used for email, online office applications, storage and testing, and development environments.

Security threats

In terms of security, the cloud technology comes with its own set of benefits that include lower chances of internal breach, data redundancy that helps in disaster recovery, in-built data security measures by the cloud service supplier, and easier data security auditing.

However, cloud centers with a large amount of data from different enterprises at the same premise make them attractive prospects for hackers. The cloud providers, just like any other companies, have to hire and rotate individual employees. Different employees will have various amount of access to sensitive data. The data may also be residing in different geographies with their own data regulatory practices. The cloud service provider has to abide by different data security practices according to the local regulations. Apart from these, there could be acquisitions and mergers involving the service provider.

What should companies do to secure their cloud data?

The key to keeping data safe in cloud is to ask direct and clear questions to the supplier. Companies need to take the initiative and not be complacent about the data in cloud. Companies need to understand the roles and responsibilities of key individual employees responsible for each security measure. They can also do regular security audits to check if the service provider regularly conducts PEN tests and complies with PCI and SAS 70 Type II standards, if necessary. Companies can also get details of the actual location of the cloud server to make sure that the service provider is taking appropriate physical security measures.

For more insights/updates on risks related to cloud security, subscribe to Supply Wisdom AlertsTake a free trial to see how we can help you stay up-to-date on latest trends and be more proactive about monitoring and managing risks across your global locations and suppliers.

Announcing Supply Wisdom® Exuma

The next evolution in Automated Risk Management is here. Now you can automate risk mitigation across the entire risk management lifecycle, from Risk Identification to Risk Decision to Risk Action.