The Key Elements of Due Diligence When You Consider a Cloud Computing Solution

cloud-3362004_1920

For years providers have been touting the benefits of a migration to the cloud: increased productivity, morale, and security, and decreased management burden and risk of downtime.

And as companies have shifted into the cloud, they have taken these promises to heart. According to McAfee’s 2019 Cloud Adoption and Risk Report:

  • 69% trust their provider to keep their data secure
  • 12% claim their provider is solely responsible for data security

There is a widespread assumption that putting corporate data into the cloud means that it is—automatically and without intervention—fully locked down, backed up, and protected.

This is almost never the case.

Take the wildly-popular Microsoft Office 365 for example. Did you know that, by default, Microsoft only retains deleted emails for 30 days? Files in personal accounts are retained for 30 days, and those in work accounts are retained for 93.

If you accidentally delete an email or file and try to recover beyond these points in time, there is no recourse and that data is lost. I’ve seen many organizations find this out the hard way.

To keep our data properly protected, we need to approach cloud computing with as much scrutiny as we do any other material change to our technology environment. Here’s how.

 

How to perform proper cloud due diligence

When you’re evaluating cloud services, evaluate the following:

  • Backup. How often is your data backed up? To where? Are there versioning capabilities? What is the standard retention? Can this be customized?

  • Permissions and controls. What level of control do you have over which people can access which data? What level of control do you have over how data is shared? Can you revoke access when an employee leaves?

  • Administration and Support. What changes can you administer, and which need to go through your provider? What avenues do your people have for technical support? When is the support team available?

  • Training. Do your people know how to use the package effectively? Do they know how to work within your specific security parameters?

  • Business continuity. What happens if the provider experiences an outage? Can you still work? What if the provider goes out of business?

If there’s a mismatch between your risk tolerance and the platform’s capabilities, consider a third-party application to bridge the gap. That, or choose another platform that is better aligned with your needs out of the box. 

The important point is to identify and address any limitations in your cloud services proactively wherever possible.

Your data is well worth the investment of time. 

--

As originally published in the American City Business Journals.

 

Topics: cybersecurity, remote work, backup, cloud, outsourcing, risk, selection