Skip to main content

Is your data safe in the cloud?

The data you store in the cloud is easy for you and your team to access and share, no matter where you are in the world. It backs up automatically, so you don’t need to worry about losing it if your local storage is lost or destroyed. Upload data to the cloud and it will always be there when you need it. But is your data safe in the cloud? 

Let’s talk about some examples of cloud storage, some of the privacy risks and regulations you should be aware of, and how smart data discovery can help you make sure all your data is safe in the cloud. 

What is “the cloud”?

Data stored in “the cloud” is uploaded to servers that your company can access online. The data is processed and stored in data centers. Data centers are physical facilities that may be located anywhere in the world. Within the data center is a network of computers that work together to process, store, and share data. 

Some examples of cloud storage your company may already use include: 

  • Dropbox 
  • OneDrive 
  • SharePoint 
  • Google Drive, and more. 

Email providers like Gmail and Outlook also store your information in the cloud, allowing you to access your messages and any files shared with you in email attachments from any device. This is possible because the computing and storage take place on servers in a data center, rather than on your devices. 

When you create a new email draft or you edit a document or spreadsheet with cloud services, the changes are, in fact, made and saved on the cloud application provider’s server at the data center. 

Data center

Advantages of cloud storage

Cloud services can offer your company affordable options to store data. Before cloud technology became so accessible, companies had to manage physical servers or rent them. The high cost of doing so put it out of reach for most SMBs. 

The cloud changes this, letting people and companies of all sizes share a series of servers for storage, data sharing, and performing basic tasks remotely. This offers several advantages over local storage: 

  • Edit files from any location 
  • Save and share changes instantly 
  • Access files from any device 
  • Reduce the risk of losing data when devices are damaged or lost 

However, along with their advantages, cloud services do present certain risks and challenges you should be aware of. 

A wild west of security concerns

A 'wild west' of security concerns

“The cloud holds enormous potential for business efficiency and innovation, but also can create a 'wild west' of broader and more distributed environments for organizations to manage and secure”

Abhijit ChakravortyCloud Security Competency Leader, IBM Security Services

Although cloud storage can protect data from loss or destruction, it may increase the risk of private and sensitive data being accessed by the wrong people, causing a data breach.   

According to IBM’s Cost of a Data Breach Report, 45% of data breaches occurred in the cloud.  The easy access and high capacity for storage that makes cloud storage so efficient also make it an attractive target, creating an instant disaster if a nefarious third party were to get access to your passwords or hack your accounts. 

Privacy laws and the cloud

Global privacy laws like the GDPR and CCPA set a high standard for how you protect the data people share with you. They require you to protect data and limit how, where, and for how long you can store it.

GDPR and CCPA

Failure to comply with regulations can expose you to heavy legal fines and penalties from regulators, severely damage your company’s reputation, and may expose you to civil lawsuits as well. 

The good news is that most data breaches are preventable, and complying with privacy laws while using a variety of storage locations including cloud storage can be simplified with the right tools.  

Cloud compliance problems

The more sensitive personal information your company stores, the more vulnerable you are. If you store your customer’s personal data on the cloud, there are a few things you should consider that could cause you compliance problems.

More people
More access, more problems. Cloud storage makes it easy to collaborate with your team by letting everyone share and edit files instantly. But when files contain people’s sensitive personal information, not everyone should have access to them. 
More devices
More devices, greater risk. Cloud storage makes it easier than ever to work remotely. But if employees are signed in to view company files containing personal data on their personal computer, phone, tablet, etc., all those devices must be protected.  
What is in the cloud
More storage locations overall make it hard to track data. Most companies use multiple types of cloud storage, plus local storage. Tracking data in all these locations and pulling up a specific person’s data in response to DSARs on time is nearly impossible without data discovery software. 
Globe
Data centers may be located outside of your region. Most privacy laws have specific guidelines on data sharing as well as cross-border data transfers. The location of your cloud servers should be mentioned in your privacy policy, and the region where the data is physically stored should have a legal framework in place that provides ‘adequate’ protection for people’s data rights. 

Want more free data privacy tips?

Get the latest data privacy management news, trends and expert tips delivered straight to your inbox.

    Keep sensitive and personal data safe in the cloud

    Keeping track of sensitive and personal data and protecting it is key to preventing data breaches and being compliant with privacy laws.  

    Privacy and compliance principles that apply to the cloud: 

    1. Know what personal data you have collected and why it was collected 
    2. Only use data for the purpose for which it was collected 
    3. Keep people informed about how their data is used and stored 
    4. Set up a data retention period and delete data you no longer need 
    5. Protect your passwords and devices and establish policies for your team to do the same 
    6. Document your policies and practices to demonstrate compliance 

    It all starts with knowing what you have. 

    Is your data safe in the cloud?

    Data discovery for cloud storage

    How much personal information, and especially sensitive personal information you store, how long you keep it, and who has access to it are all factors that increase your risk of a data breach, especially with cloud solutions. 

    Make an inventory of the personal data you have collected from your customers and employees, and where it is stored. Doing this manually across all the cloud solutions + the local storage your company uses is probably not realistic or effective, as it would be too time-consuming and prone to errors.  

    DataMapper’s automated data discovery uses powerful AI and machine learning to create a data inventory in minutes.  

    • Identify sensitive data across the cloud services and local storage your company uses. 
    • Sort structured and unstructured data by risk level and category.  
    • Monitor where sensitive data is stored and who has access to it.  
    • Pull up a specific person’s data quickly in response to DSARs. 
    • Spot weak spots in your security and stop potential breaches before they occur. 
    • Evaluate and improve practices and policies to keep them up to date with regulations. 

    The privacy and compliance tools you choose must be able to keep up with the variety of cloud productivity and storage services you are already using and the large amount of personal data you store there.  

    Is your data safe in the cloud? Would you like to see for yourself how DataMapper can help? 

    Try DataMapper free → 

    Sebastian Allerelli

    Governance, risk, and compliance specialist