What is ‘cloud computing?’
Simply put: Cloud computing is moving your computing service on to an Internet-based platform with a third-party provider. And there are three types: infrastructure, platform-as-a-service and software-as-a-service. Each type is designed to replace or remove unnecessary in-house requirements from your organization. In infrastructure scenarios, for example, a cloud-based environment is employed to offload the amount of physical servers you must manage whereas software-as-a-service types are designed to offload software you do not wish to manage internally – like Office 365 or Salesforce, for examples.
The cloud isn’t magic – it isn’t invisibly floating above us in the sky. Instead, the cloud definition originates from Internet flow charts describing cloud services. Since cloud services are hosted on physical servers here on Earth, this is an important distinction to make when considering issues like whether a cloud puts your data at risk. And you need to know how your cloud service provider is hosted before signing on.
Storing on the cloud is different than storing locally or in-house at an organization. The cloud enables global access to data regardless of where business is located. And security is generally provided by a cloud provider – which can strengthen the safety of sensitive data. Think of it like a bank account – while you can hide cash under your mattress, the money is only as safe as your mattress. But if you choose to deposit your money in the bank, you gain access to a larger protected environment with additional security measures you might otherwise not have.
Financial risks remain a big concern of uploading to the cloud. With massive fines, like those associated with the EU’s General Data Protection Regulation (GDPR), in addition to the irreparable brand damage brought by a data breach, organizations need to be extra vigilant when making their data available through a cloud-based service.
To help mitigate the risk of uploading sensitive data to the cloud, organizations need to ensure their cloud-based service provider or cloud provider are taking steps to adequately protect data. Third-party security audits, assessments or credentials, like PCI certification or SOC2 certification, are good things to look for. Disaster recovery plants, especially for cloud providers with data centres in high-risk geographical areas, are also a security feature to consider when looking for a place to store your data.