3 MINUTE READ
By Stephen Ferrero, Security and Compliance Manager
1. Not knowing that you're already moving to cloud services
Whether you know it or not, your company is probably already using cloud services. Maybe some of your employees have signed up for an online file-sharing
service like Dropbox or Box without informing IT. Maybe you're using a hosted project management tool like Wrike or team collaboration app like Slack
without giving much thought to the fact that using it to share files and documents is putting your data in the cloud.
Any cloud based service that processes or stores data could put that data at risk if you haven't considered how to secure it — or, worse, if you don't know your data is there. Xantrion can help you identify what cloud services are being used on your network so you can make smart decisions about them. If you're using our Managed Security Service™, we also offer the option of implementing tools that work with certain popular cloud applications to show what data is being shared and who has access to it, allowing you to extend your security to apps you sanction and block access to those you don't.
2. Not doing appropriate due diligence on a cloud service
Legacy on-premises software can keep working long after the company that sold it is gone, but if a cloud based service goes out of business, your software
and data are gone — probably forever. It may not be wise to move a critical business process to a cloud service run by a brand-new startup that
could go out of business or can't guarantee uptime. It's probably also not the best idea to trust your key data to a cloud service hosted on a server
in someone's garage rather than an Amazon AWS or Microsoft Azure data center.
Do proper due diligence before you commit to a cloud vendor. Who runs the service? Where is it hosted? What's the company's reputation? Is it financially stable? What's its performance record? Does the company offer Service Level Agreements, and if so, do the SLAs meet your needs? Xantrion can help you find the answers.
3. Failing to consider cybersecurity and compliance issues
Some cloud service providers have put more thought and effort into cybersecurity than others. If a vendor hasn't developed and tested its cloud application
with enterprise-level cybersecurity in mind, it may be putting your data at risk, and with it, your business.
Look for single sign-on, secure data transport, encryption, and other technical safeguards for your data. Ask about the cybersecurity controls the vendor has put in place. Stick with cloud service providers who have industry-appropriate third-party certifications and verifications. Xantrion has already performed due diligence on our cloud services to ensure they meet all relevant cybersecurity and regulatory requirements.
4. Assuming that cloud data is a comprehensive backup
When cloud service providers talk about the availability of your data, they usually mean that they keep multiple copies of your data for easy recovery.
However, these copies are usually real-time copies of the latest version of your data. If you need to retrieve past information — for example,
a file you deleted two weeks ago — you may be out of luck.
Many companies don't need anything more than the most recent version of their data. However, if your company's data retention policies require you to keep historical data, look for a cloud service provider that keeps a versioned history of files. Xantrion can also back up certain cloud services for retention purposes, which also creates an easily accessible copy of your data if for some reason your provider can't or won't allow you to export it.
5. Failing to ensure your full control over your data
Your data is yours, not your cloud service provider's. You need to be certain that you retain full ownership of your data, that it's stored securely, that
the vendor won't use your data for its own purposes, and that you will be able to get your data out of the service if you choose a different vendor
or if the service goes out of business.
Look for controls that ensure your ownership of your data, that prevent the vendor's employees from accessing your data without authorization, and that create an audit log so both you and the cloud service provider have a record of who has accessed your data, how, and when — an especially important consideration for regulated industries. Xantrion has already thoroughly vetted our cloud services to ensure they meet these high standards, and we abide by those standards too.