Is your data safe in the cloud?
The data you store in the cloud is easy for your company to access and share, regardless of where you are in the world. Cloud services back up automatically, so you don’t have to worry about losing data. Uploaded data to the cloud will always be there when you need it. But should you be concerned about data protection when data is in the cloud? This blog covers some of the risks and rules to be aware of when using cloud services for data storage.
What is “the cloud”?
Data stored in “the cloud” is uploaded to servers that your company can access online. The data is processed and stored in data centers. Data centers are physical facilities that may be located anywhere in the world. Within the data center is a network of computers that work together to process, store, and share data.
Some examples of cloud storage your company may already use include:
- Dropbox
- OneDrive
- SharePoint
- Google Drive, and more.
Email providers like Gmail and Outlook also store your information in the cloud, allowing you to access your messages and any files shared with you in email attachments from any device. This is possible because the computing and storage take place on servers in a data center, rather than on your devices.
When you create a new email draft or you edit a document or spreadsheet with cloud services, the changes are, in fact, made and saved on the cloud application provider’s server at the data center.
Advantages of cloud storage
Cloud services can offer your company affordable options to store data. Before cloud technology became so accessible, companies had to manage physical servers or rent them. The high cost of doing so put it out of reach for most SMBs.
The cloud changes this, letting people and companies of all sizes share a series of servers for storage, data sharing, and performing basic tasks remotely. This offers several advantages over local storage:
- Edit files from any location
- Save and share changes instantly
- Access files from any device
- Reduce the risk of losing data when devices are damaged or lost
However, along with their advantages, cloud services do present certain risks and challenges you should be aware of.
A 'wild west' of security concerns
Although cloud storage can protect data from loss or destruction, it may increase the risk of private and sensitive data being accessed by the wrong people, causing a data breach.
According to IBM’s Cost of a Data Breach Report, 45% of data breaches occurred in the cloud. The easy access and high capacity for storage that makes cloud storage so efficient also make it an attractive target, creating an instant disaster if a nefarious third party were to get access to your passwords or hack your accounts.
“The cloud holds enormous potential for business efficiency and innovation, but also can create a 'wild west' of broader and more distributed environments for organisations to manage and secure”
Abhijit ChakravortyCloud Security Competency Leader, IBM Security Services
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
Privacy laws and the cloud
Global privacy laws like the GDPR and CCPA set a high standard for how you protect the data people share with you. They require you to protect data and limit how, where, and for how long you can store it.
Failure to comply with regulations can expose you to heavy legal fines and penalties from regulators, severely damage your company’s reputation, and may expose you to civil lawsuits as well.
The good news is that most data breaches are preventable, and complying with privacy laws while using a variety of storage locations including cloud storage can be simplified with the right tools.
Cloud compliance problems
The more sensitive personal information your company stores, the more vulnerable you are. If you store your customer’s personal data on the cloud, there are a few things you should consider that could cause you compliance problems.
- More access, more problems. Cloud storage makes it easy to collaborate with your team by letting everyone share and edit files instantly. But when files contain people’s sensitive personal information, not everyone should have access to them.
- More devices, greater risk. Cloud storage makes it easier than ever to work remotely. But if employees are signed in to view company files containing personal data on their personal computer, phone, tablet, etc., all those devices must be protected.
- More storage locations overall make it hard to track data. Most companies use multiple types of cloud storage, plus local storage. Tracking data in all these locations and pulling up a specific person’s data in response to DSARs on time is nearly impossible without data discovery software.
- Data centers may be located outside of your region. Most privacy laws have specific guidelines on data sharing as well as cross-border data transfers. The location of your cloud servers should be mentioned in your privacy policy, and the region where the data is physically stored should have a legal framework in place that provides ‘adequate’ protection for people’s data rights.
Keep sensitive and personal data safe in the cloud
Keeping track of sensitive and personal data and protecting it is key to preventing data breaches and being compliant with privacy laws.
Privacy and compliance principles that apply to the cloud:
- Know what personal data you have collected and why it was collected
- Only use data for the purpose for which it was collected
- Keep people informed about how their data is used and stored
- Set up a data retention period and delete data you no longer need
- Protect your passwords and devices and establish policies for your team to do the same
- Document your policies and practices to demonstrate compliance
It all starts with knowing what you have.
Start your GDPR cleanup where it is needed the most
Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
Use Data Discovery for secure cloud storage
The amount of personal data you store, how long you store it and who has access to it are all factors that increase your risk of a data breach – especially with cloud solutions. Make an inventory of the personal data you have collected from your customers and employees, and make sure to clean it up.
Doing this manually across all cloud solutions and local file storage that your company uses is probably not realistic or very efficient as it would be too time consuming and subject to error. With a Data Discovery tool, you can use AI and machine learning to create a data inventory in a few minutes.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →