How to keep your data safe when migrating to the Cloud
We list three important things that businesses need to consider when moving their data over to a cloud-based system or application.
There’s no doubt about it – cloud-based services have opened up countless possibilities for businesses of all sizes, and has in fact revolutionised the way we work. However, as your company evolves, managing and protecting your data can become tricky.
When workers used desktop-based systems, IT departments simply deployed ‘kill pill’ technology, which is designed to limit functionality and disable access for a particular user. With the introduction of cloud-based systems, which make it easy for users to view documents and files from any location at any time as long as they have the right permissions, businesses have had to find new ways to ensure they’re compliant with all protect their data from not only hackers, but also existing- and ex-employees.
This article will explain how you can set your business up in the Cloud without compromising the security of your data (and the reputation of your business, at that).
1. Choose the right cloud infrastructure for your business
The way that your cloud services are deployed will determine the risk to your data, and who’s ultimately in charge of it. It’s crucial that you choose the right setup. There are typically three different types of cloud models, and each offers various pros and cons:
Private cloud – a private cloud is solely used by the customer (aka you), but the supporting hardware may be managed by a cloud provider via an outsourcing contract. Access to a private cloud may also be restricted to a local or wide area network.
Community cloud – as the name suggests, a community cloud is shared by a pool of users. Access to a community cloud may be restricted to a wide area network.
Public cloud – the cloud space is fully managed by the cloud provider and can be accessed by cloud users over the public internet.
Not sure if any of the above models are a good fit? There’s always the hybrid cloud, which gives customers the opportunity to segregate data across different cloud services. Access can be restricted according to the type of information each cloud contains.
2. Work out which data can be moved into the Cloud and which data shouldn’t be tampered with
It’s tempting to jump on the bandwagon without really considering whether or not cloud computing is a good match for your organisation. Decision makers have a tendency to want to move all of their data into the Cloud, all at once, thinking this will save them time and money in the longer term.
This might well be the case, but plenty of businesses are adopting a hybrid cloud strategy. This type of cloud deployment method puts certain data in the public domain and hides other types of data away in a private cloud, allowing businesses to use cloud services to their full advantage and simultaneously minimise risk.
Some data might need to stay within your existing systems, whether they’re onsite or hosted elsewhere, to comply with any assurances that were put into place when the data was originally collected from your clients or your peers. Check your initial agreements and go through your cloud provider’s offering with a fine tooth comb to avoid committing to a cloud service that’s not fit for purpose (or one that could get you into trouble with the authorities!).
3. Make sure your data is still compliant with data protection laws while it’s being stored in the Cloud
If you’re looking to move your data into the Cloud, you’ll need to know who’s going to be responsible for managing and controlling it. Even though all of your data is hosted remotely, it’s still subject to the usual data protection laws.
Sending all of your data up to the sky could actually compromise your company’s ability to meet the requirements of the Data Protection Act (DPA) of 1998. It’s important to identify who the data controller is and whether the responsibility for making sure your company is still fully compliant lies with the cloud provider, the organisation that’s commissioning the cloud service, or the end user – you.
This handy guide from the Information Commissioner’s Office will help you determine who’s responsible for compliance in any cloud system.
The online code of practice document will tell you everything you need to know about how the DPA applies to information that’s processed online, and in the Cloud.