Despite the fact that most people use cloud-based services every day – from online banking and shopping to photo sharing and even filing their income taxes – many public sector organizations that have historically stored their documents on their own servers still have questions or concerns about cloud-based storage.
As modern business systems increasingly shift from installable, on-premises software to subscription-based software-as-a-service, such organizations still find themselves asking: “how secure are our documents if we store them in the Cloud?”
The move of applications and storage to the Cloud is a new paradigm for users to become comfortable with. As with any significant technological shift, many of the concerns about cloud storage stem from people’s inexperience with it and unfamiliarity: “I don’t understand it yet, so it must be a risk.” Educating yourself and others in your organization will be critical in making informed decisions.
In this post and its related white paper, we’ll explore common cloud-related concerns of municipalities and other public entities, and compare the benefits and risks of cloud-based storage with those of storing your data yourself.
How Much Data Fits Under a Mattress?
One of the most commonly heard concerns about cloud storage is that “my data is no longer in my control.” That may be largely true, in the sense that it would be stored on someone else’s infrastructure, but is that necessarily a bad thing?
In fact, your data may be safer in the hands of dedicated, third-party experts than with your own limited internal resources. And beyond that, there are both technical and contractual steps you can take to maintain as much control of your data as possible.
To use an analogy, which do you think would be more secure: storing large sums of money under your mattress in your house, or depositing it in a bank?
Clearly, the bank could secure it better from theft, loss or destruction better than almost any individual could do themselves.
Likewise, proven vendors of cloud services can offer far greater protection than what most organizations could implement internally, from superior physical security for their facilities to dedicated teams of cybersecurity experts responding immediately to the latest digital threats. By offering the option of distributing your data across multiple locations, cloud service providers also safeguard your information more robustly than your organization could simply through typical backups.
That multi-site redundancy has the further benefit of enabling high-availability failover for continued access even in the event of an extended outage at the primary site, further protecting your data while minimizing downtime.
Going back to the bank analogy, if your closest bank branch suffered a fire, you can still go to another branch to get your money out, and you don’t have to wait for your local location to be re-built. But if your house burned down, everything under your mattress would be gone forever.
While cloud service providers, like banks, have extensive security infrastructure, protocols and processes that would be prohibitively difficult and expensive for you to implement on your own, there are still important considerations that you should discuss with your prospective cloud vendors to ensure they can meet your needs. Some of these factors include:
- Encryption. For data to be secure it needs to be encrypted while moving to and from cloud-based storage, and “at rest” once it arrives there. Vendors may offer different encryption protocols; while all modern encryption techniques are reasonably secure, if your organization has particular corporate standards for encryption, you need to ensure the vendor is compliant with them.
- Data Ownership. While your information would be stored in the cloud vendor’s systems, there are contractual things you should do as a customer to ensure that you retain ownership of your data. Ensure that the contract states unequivocally that the data is yours and yours alone, and that your raw data will be returned to you in its original format at the end of your contract. The contract must also provide for the verifiable destruction of all copies of your data in the vendor’s storage upon your authorized request. Related Resources: It’s the cloud era – Do you know where your data is?
- Privacy. Different jurisdictions and public sectors have their own privacy standards, which may vary significantly from their counterparts in other areas. Make sure that your vendor is aware of your jurisdiction’s privacy standards, and that their processes and contracts are compliant with them. To further protect your organization legally, make it a contractual requirement of your vendor that private data is truly kept private, with nobody able to access it – even within the vendor’s own staff – without appropriate security clearance.
The Benefits of Change
Ultimately, there will always be security risks whether you store your data in the Cloud or on-premises. The fundamental question, then, boils down to: “can cloud service providers provide better security than you could do yourself?”
Just like the bank versus mattress analogy, the answer is almost always yes, as it’s difficult, expensive and resource-intensive for organizations to get anywhere close to the security of the Cloud, let alone match it. And the Cloud offers an array of additional benefits – such as the above-mentioned high-availability failover – beyond security.
That said, you need to make sure you’re asking the right questions of your cloud vendor, so you know that both their technical capabilities and contract terms align with your requirements. Getting the right answers will help make yourself, your council members and your IT department comfortable with the safety of your data in the cloud. And with the right vendor and careful attention to the details, your documents will be even more secure than they would be under your on-premises “virtual mattress”.
While this high-level overview offered a lot of information, there are more details you should arm yourself with when evaluating cloud vendors.
For a deeper dive into the above topics, a list of questions you should ask when evaluating cloud service providers, and more depth on what you should be looking for in their responses, download our free white paper, “Keeping Public Sector Documents Secure in the Cloud.”
And when you’re ready to move your meeting management to the cloud, contact us to learn how the eSCRIBE platform keeps your documents secure, available and accessible.