The benefits of storing information in the cloud are extensive. Backing up important data, creating more space on your servers, and having your data easily available to your employees are just a few. If you have been looking into this route, you most likely have many questions about the security of the cloud. If your company handles sensitive information that belongs to your customers you may need to stay compliant with HIPAA, PCI or Sarbanes-Oxley regulations.
Do cloud storage solutions adhere to these regulations? Are they required to? If they haven’t spelled it out in their privacy policies, it is safest to assume they are not compliant. We will explore this more below.
Compliance
Cloud security has become an important issue lately, as increasing numbers of companies turn to online storage solutions, trying to find greater simplicity, scalability and affordability. Yet the cost in both money and reputation for improper handling of customer data can be very high indeed. If your organization needs to comply to key regulations associated with patient privacy (HIPAA), credit card security (PCI) or the finance-sector strictures of Sarbanes-Oxley, it can be difficult to find out if a service complies with these important restrictions.
Who is responsible
Cloud security is vital when handling your sensitive data, but whose responsibility is it? Should you assume that if it is not spelled out in the privacy policy, that a service provider doesn’t follow these regulations? While this is clearly the safest option, it may leave you unable to use cloud computing at all. Many services do not provide detailed information in their privacy rules, presumably to lower their liability. The hope is that over time cloud storage and sharing will become better self-regulated and companies will choose to reveal their individual practices to the businesses they serve. While such self-regulation is not required at the moment, many businesses think it is their duty to display clear warnings, explaining what they don’t provide or guarantee.
Currently there’s no law in place that requires a company to divulge this information. Cloud computing services can save your organization money while boosting efficiency, but they may also risk noncompliance with privacy laws. This leaves the risk on your shoulders and it is up to you to weigh the advantages and threats for yourself. The topic of cloud security will probably be one of much debate in coming years. At the moment, the right road to travel is the the one that best meets your company’s specific needs.
Join the Conversation on Facebook!
