Lee House: 5 Essential Tips to Protect Your Data Privacy, or That of Your Customers, When Using Cloud Computing

(Editor’s note: security is often cited as a concern when it comes to cloud computing. But it’s not as if you, the user, is powerless or has no role to play in security. The reality is that a cloud deployment is as secure as you make it. Don’t believe me? Okay, then – listen to Lee House. Lee’s a vice president at I.B.I.S. Inc. and a regular contributor to Software ThinkTank (http://softwarethinktank.com). His work experience includes Vantive, PeopleSoft, Microsoft Corporation, Epiphany and Marcam. He has an extensive background in ERP and CRM and has worked in sales, operations and management functions throughout his long career. He was kind enough to lend his thoughts to CRM Outsiders.)

Cloud computing is taking over the software market, and it’s no surprise to see the data concerns that plagued on-site data storage have floated up into the clouds as well. While the location where data is secured has changed, the issues that top-notch security experts have been talking about have not. You have data, be it from your organization or from your clients, and you need to house this data securely to avoid the private, legal and corporate ramifications of a security breach. Data is a very valuable asset in the corporate world, and yet with a concept such as the cloud, new adopters and users face very real security concerns.

So how do you protect your data? The good news is that many of the practices you’ve adopted over the years to secure your on-site server can be directly translated to the cloud.

1.    Encrypt all data, all the time

Make sure that any data stored on the cloud is well encrypted. That way, should a security breach occur, your information is harder to access. Just make sure that the encryption keys are stored off the cloud – you wouldn’t hide the key to your front door in the lock, so why store the encryption key with your data?

Encryption also ensures that you have full control over your data, eliminating concerns over third-party jurisdiction. When you store data on the cloud, you need to know that it will be there, as you placed it, whenever you need it.

2.    Choose a partner that you trust.

Before you sign a contract, do your research. Look at the cloud service provider’s privacy policy, the protection they offer, and the guarantees provided. Most service providers guarantee 99.9 percent uptime – they offer a service, and it’s in their best interest to keep their customers happy. Constant, secure access makes users happy and is in the best interest of the cloud service provider.

3.    Keep your eyes open.

Even though you’re using a cloud solution you still need an IT team. Monitor your data, install additional firewalls to prevent unauthorized access, and run tests. External security penetration tests will give you and your clients peace of mind in knowing that sensitive data and information is securely stored.

Cloud agreements will ensure that you are notified if there is any breach of security surrounding your data, but wouldn’t you also want to know if other users of the cloud solution experienced a security issue?  Obviously firewalls are in place and data is kept separated by user, but ask to be notified if anyone else’s information stored by the service provider is compromised.

4.    Confidentiality is key.

Do you send your coworkers your email address and password information? Of course not! So don’t share cloud access with people who don’t need it. The more people with access to secure information, the greater the risk for privacy breach. Sharing the data only with those who need to use it enables you to keep a closer eye on who is accessing secure information, and why.

5.    Employ best practices.

Making sure that all internal programming follows best practices will allow your organization to avoid unnecessary risk and vulnerability. Securing your site and data gathering tools will add another level to the protection of confidential information stored on the cloud. If they can’t find it, they can’t access it!

Data privacy and the cloud has been a topic of conversation over the past few years, and will continue to be so moving forward. Cloud service providers are running a business, too; best-in-class security and a good reputation are valuable currency, so those who provide cloud services have a vested interest in protecting your data. When you store private information in-house, you have a small team of IT professionals maintaining security while simultaneously completing all other job tasks. Cloud service providers often have a dedicated team working solely to secure the data they store for users. They have insight and experience with a variety of security issues, but that doesn’t mean that you can’t follow best practices to protect your information. Do your due diligence and make sure that security is thoroughly addressed before you decide to store your business’ data in the cloud. Also be sure to monitor your data continuously to keep it secure.