Many IT security experts agree that cloud computing providers could be doing more to protect their customers’ data. But that doesn’t mean customers don’t have their own responsibilities when it comes to cloud security.
One of the biggest things companies must do to protect their data when it’s in the Cloud: Make sure providers are taking the proper security precautions.
However, a lot of businesses aren’t doing that, according to a recent survey by PwC and Infosecurity Europe.
The survey found that 73% of organizations have outsourced some business processes to a web-based provider. However, just 38% ensure that data held by external organizations is encrypted.
Smaller organizations in particular struggle to verify the security of cloud computing providers. In fact, more that half (56%) of small businesses don’t carry out any checks on cloud providers’ security. That could mean a lot of sensitive data is being held on networks without the proper security controls in place.
In addition to making sure data is encrypted, what types of checks should businesses conduct before signing a deal with a cloud computing provider? Experts recommend asking cloud providers questions such as:
- Can other cloud users see our data?
- How do I manage who has access to our data?
- What controls do I need to securely move to the cloud?
- How can I prove to auditors our cloud systems are secure?
- How will I know if our data’s been breached?