Do you know where your corporate information on the cloud actually is? Although most companies already store a great part of their files on the internet (making them available from anywhere and without taking space up on office computers), not all are aware of the data’s journey, where it ends up or how it is protected.
As the number and variety of activities carried out on the network increase, from many aspects of the relationship with the customers to accounts and economic transactions, the consequences of a cyber-attack or a leakage are increased.
Normally, it is an outside company that provides the service – maintains the servers that store the documents by placing them in the shared folder. While they are on their property, the responsibility of the management of sensitive information falls on your own company. To avoid a malware brewing within your systems or that the data ends up being leaked because of a security flaw, the first step is to take certain precautionary measures.
A good starting point is the creation of a corporate policy to establish a clear strategy. Information is accessible from many kinds of devices (mobile phones, tablets, PCs), both own and third party ones, so the best way of monitoring it is by knowing what it is being shared and with whom.
That is why it is important to classify the different types of documents according to their confidentiality and the levels of privacy they require, and determine how they will be stored in line with these principles.
An example is the Information Security Forum Standard of Good Practice, which is already being used by many corporations globally. The document brings together the main threats and risks, their evolution, and refers to the organizations’ needs to know how to respond to cybercrime, hacktivism activities’ or even espionage.
The information’s nature is also key to choosing the most suitable cloud storage service provider. Not all implement the same security measures. In addition, these companies have access to the files that you deposit in their servers. For this reason, it is advisable to be selective and make sure that they will be able to provide the level of protection required.
Another factor to consider is the updating and renewal of the infrastructure provided, as well as the software to manage information flows, since it can affect your own data. Knowing how often it changes and making sure that the contract ensures the confidentiality, integrity and accessibility of the files is crucial.
The level of caution should be enhanced when documents are of special value for the business and the company’s income. For example, in the case of patents or other type of creations with intellectual property rights.
And, finally, what happens if you want to delete all data from their servers? Make sure that you can truly destroy the information, and not only from your computer screens. If privacy concerns us individually, should we not be even more careful with corporate documents?