01:48 PM
Peter Long
Peter Long
Repost This

Avoid Cloud Storage Disasters: 6 Questions To Ask

Organizations could put their data at risk if they don't ask the right questions when evaluating cloud providers.

Companies of all sizes store their data on external servers every single day, whether they know it or not. This could be an organization whose employees bring their own devices and use file storage and sharing apps that the IT department isn’t aware of, or it could be a business looking to eliminate IT infrastructure costs and leverage the convenience of the cloud by moving data offsite.

One step that companies and individuals must take in order to use cloud storage is accept the provider’s terms and conditions. However, both organizations and individuals often fail to actually read those terms and conditions prior to clicking the "accept" button, putting companies in precarious positions that leave their data vulnerable to risk. What do you get in the fine print? Sometimes, it’s not as simple -- or pretty -- as you might think.

It is extremely important, regardless of company size, to understand where your data is going and what your rights are. More often than not, there are provisions buried deep within the terms and conditions that give providers rights to change, alter or even delete files. Providers also build in safeguards to absolve themselves of liability in the event of a security breach.

It's critical companies not only understand the terms of the programs their employees are using for BYOD, but also those for the cloud sharing and storage resources designated by the company. Going in with eyes wide open is the only way to fully understand your rights and protect corporate data.

Here are six questions all organizations must ask when evaluating cloud sharing and storage providers, either on a company level or for employee devices:

1. What is the service provider’s level of access and who holds the encryption keys? Many agreements call for unfettered access to data stored on a provider’s servers and most providers actually hold the encryption keys, so snoops or hackers can access encrypted data because the keys are stored alongside the files.

2. Can the provider change or alter your information? Believe it or not, when you click "accept," you are giving some providers the right to change, alter or copy your data without your knowledge. This is often positioned by providers as necessary for backup or formatting reasons.

3. Can the provider change the service at any time? Is there a clause stating that service may be changed or suspended at any time or does your provider need to give ample notice to allow you to remove/retrieve your data before changing the service terms?

4. When do fees kick in? Many providers start with freemium models, but charges can pile on quickly. Be sure to know what your needs are and the storage thresholds in order to be thoroughly prepared from a budget perspective.

5. Does the provider assume liability if its servers are compromised? In general, providers rarely assume responsibility for any consequences resulting from a security breach.

6. What happens when the contract ends? Since your data is stored remotely, you’re no longer in possession of it, so you need to be sure you can get your data back -- particularly if the provider is the one who terminates the contract.

[Read Howard Marks' analysis of the collapse of cloud storage provider Nirvanix in "The Nirvanix Failure: Villains, Heroes, and Lessons."]

Many organizations don’t realize the level of inherent trust they must put in their cloud service providers once they hit the accept button on those terms and conditions. It's extremely important that organizations understand their data rights when using someone else’s infrastructure.

The cloud is extremely beneficial and has allowed small companies to grow and large companies to accommodate a geographically diverse workforce. With those benefits come risks, and companies must ask the right questions before signing on the dotted line.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/18/2013 | 9:03:58 AM
re: Avoid Cloud Storage Disasters: 6 Questions To Ask
Hi Peter,

that's a great post about cloud storage. I think especially businesses should keep an eye on the security side as more employees use Dropbox and the like which is clearly not secure because it lacks local encryption. Here is a nice post why cloud storage encryption is so important and how to achieve it: http://www.onlinebackupreviews...
More Blogs from Commentary
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
VMware's VSAN Benchmarks: Under The Hood
VMware touted flashy numbers in recently published performance benchmarks, but a closer examination of its VSAN testing shows why customers shouldn't expect the same results with their real-world applications.
Building an Information Security Policy Part 4: Addresses and Identifiers
Proper traffic identification through techniques such as IP addressing and VLANs are the foundation of a secure network.
Hot Topics
White Papers
Register for Network Computing Newsletters
Current Issue
Twitter Feed