Is Your Cloud Provider Sidestepping Security?

When you accept that cloud provider’s contract to store or backup your company’s data on their servers, did you read the fine print? According to Gartner, 2012 may be the year that Cloud Services gets a big boost because companies are looking to decrease IT costs, have more access form remote users and offer more services to your customers. But, at what cost?

In the April 2011 “Security of Cloud Computing Providers Study” white paper by the Ponemon Institute three very disturbing conclusions were made. One, cloud providers do not view security as a competitive advantage. Two, they don’t view security as an important responsibility. And three, cloud providers believe it is their customer’s responsibility to secure the cloud and not theirs. This is very evident when you look over the top leading cloud providers (Amazon, Google, and Microsoft ) contracts.

• From Amazon: “Amazon has no liability for …. (D) any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of your content or other data.”
• From Google: “Customer will indemnify, defend, and hold harmless Google from and against all liabilities, damages, and costs (including settlement costs and reasonable atto
eys’ fees) arising out of a third-party claim: (i) regarding Customer Data…”
• From Microsoft: “Microsoft will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by Microsoft or another party due to someone else using your account or password.”

Where this ends up biting a company is when a security breach does occur since they are still liable for all of their customer’s personal information. So the defense of offloaded IT services to a third-party has no validity. And in fact may create an even bigger problem for the company when fines and lawsuits are ascertained because it looks like you are not interested in your customer’s well-being.

Cloud computing is by all means not going away. There are many advantages to cloud computing to companies of all sizes that needs to be properly integrated into the company’s business plan. But what cannot happen is for companies to feel that they are no longer responsible or liable for the information they hold about their customers.

So to think that you’re going to reduce your IT costs and staff by moving to a cloud-based architecture is foolish at best. If anything you’re going to need more IT resources to be able to pick out the leaders within the industry, what services will be implemented and how security is being maintained to protect the company.

In Conclusion

The best advice I can offer any company who is interested in adopting a cloud strategy is to 1) Don’t put sensitive information onto any third party cloud; 2) consider building a private cloud; and 3) higher IT specialists who will manage and monitor all the cloud activities.