Cloud computing is available to everyone in various forms. As individuals we put our photos and music in the cloud and businesses can use the cloud for various functions including storing data and information. Cloud computing offers many benefits to businesses, but there are cyber liability and privacy and data security risks that come with this service as well. Knowledge of these risks and benefits is crucial for you to make the right decision when considering whether to move your business to the cloud.
Cyber Liability and Risk Prevention Considerations
Cloud computing offers a number of benefits to a commercial user. It provides a cost savings from not spending money on servers and hardware and also cuts down on associated electrical costs. Cloud computing also provides increased flexibility with greater access to data and applications.
However, along with these benefits there are risks associated with cloud computing. If you are considering moving your business to the cloud you must first consider the following issues.
- Applicable laws and regulations: Various federal and state laws may limit use of cloud computing services. These laws are sector specific. For example, under the Health Insurance Portability and Accountability Act (HIPAA), covered entities must enter into a business associate agreement before transferring protected health information to a service provider, and may not allow the use or disclosure of health records in ways that conflict with HIPAA.
- Access to Data: What level of access will the cloud provider have to your data? The level of provider access may undermine applicable privilege or trade secret arguments.
- Voluntary or Compelled Disclosure: Cloud computing services often retain the ability to disclose information stored on behalf of its clients to the government and to third parties during investigations. In certain situations, these disclosures may be made without notice. Additionally, in certain circumstances, these disclosures may violate federal and state law prohibiting the disclosure of personal information.
- Data Security: The level of data security may vary depending on the service provider. Obtaining knowledge and understanding of the service provider’s security measures is important to ensure that data and information is adequately stored and protected. This is crucial for compliance with certain laws, and now also necessary to ensure compliance with terms of most cyber insurance policies.
Three Steps to Get Set for Success with Cloud Computing
These issues do not necessarily outweigh the benefits of cloud computing, and can be addressed before moving to the cloud. Prior to moving your business to the cloud, you should take the following steps to minimize data privacy and security risks while addressing your business objectives:
- Data Assessment: Inventory the data and information your business holds. Specifically, you must evaluate the sensitivity of your business’ data and determine whether certain categories of data should not be stored on the cloud.
- Due Diligence: Your business must do its due diligence to obtain as much relevant information about the cloud service provider’s reputation and business practices as possible.
- Contract Negotiation: Although the cloud computing service provider may attempt to offer a standard form contract, businesses should always seek to negotiate the terms of these contracts to address the concerns highlighted above. Of particular importance are specifying the security standards used, identifying the party responsible for a data beach, and specifying limits on the cloud computing service provider’s ability to disclose stored information and data.
When all of these issues are evaluated and addressed, you can feel confident about your decision to move your business to the cloud.