There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented
from gaining access to sensitive data.
The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.
It is extremely important for businesses that are beginning to adopt or already have adopted Cloud applications into their core business to ensure that they are taking the threat of data loss seriously. Businesses need to be sure that they maintain local copies of their critical business data that is stored in these cloud applications.
Read the full Cloud Security Alliance paper.
This is a key item that comes up routinely with new Clients. As a eCommerce SaaS provider for mid-market retailing sites (5-50MM online revenue typically) questions surface about confidentiality of client data and the security controls that OrderDynamics has in place to 1) provide secure access to their data routinely and 2) how we protect against a break. Cloud and SaaS application providers must prove they can address these concerns both from a technical architecture perspective and internal policies and procedures. This also has an impact through the Master Service Agreement (MSA), which should explain the security practices in place and hold the SaaS / Cloud provider accountable at some level. Don't have a contract with your cloud vendor? That's the first red flag.
ReplyDelete