As your employees use more cloud-based technologies, such as Facebook, Gmail, and Salesforce.com, you need to protect valuable company data. Not having the right security measures and controls in place to prevent data loss can harm your organization’s reputation and revenue. The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute’s annual study. For a smaller firm with limited resources, that could be a devastating blow. Here are some tips for safely leveraging cloud computing technologies:
1. Understand what type of information is moving and where it is moving to in order to create cloud information policies for your organization. For example, are your employees using personal clouds or Google docs without the IT team’s knowledge? Are they sending confidential data to their personal e-mail accounts to work on them later at home? By monitoring these activities through secure Web gateways and data loss prevention (DLP) solutions, you gain a better understanding of the policies and controls needed to protect your data.
2. Create policies that specify which types of data can be sent out to the Web or transmitted via cloud services and who can handle each type of data. After you write the policies, prevent inadvertent data leaks by educating and training your employees.
3. Use appropriate technologies to enforce these policies. A security solution that provides unified content security—integrating Web, e-mail, and DLP technologies—provides the best protection from inbound and outbound threats, as well as awareness of the data’s destination. These technologies can then help prevent both malicious and accidental data loss.
4. Understand the standards and certifications of the potential cloud vendor. For example, make sure the cloud provider is capable of complying with standards that apply to your business, including auditing-related standard SAS 70, PCI DSS, HIPAA, and Canada’s PIPA. We also recommend reviewing the language in your service-level agreement that refers to what the provider will do if a security breach occurs.
5. Think broadly about where your organization does business. If you conduct business outside the U.S., it is subject to the laws and regulations of those other countries as well. Make sure your employees are aware of the legislation affecting transactions in all locations where you do business.
Cloud computing does not have to be a stormy venture for your organization. Having the right policies and technologies in place is the key to protecting both your network and data.
Senior vice-president and chief information officer
Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.
To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.