Do you actually know where your data is in the cloud?

The push for SME’s to move to the cloud is gathering momentum.   We have already been told of the cost benefits that come from a move to the cloud.   The unseen dangers are still unknown but a few have been noticed already.

One of the largest problems with cloud vendors is the fact that me, as a business, cannot actually pinpoint the exact location of the information.   This creates a number of conundrums, what are my legal and compliance requirements.

A cloud provider has similar problems to any business.   They are in the business to make money and will leverage everything that they can to make a profit.   That includes the following:

  •      Moving data and locating data across multiple locations.
  •      Finding the cheapest location to store the data to maximise profits
  •      Keeping data in separate places for business continuity and disaster recovery requirements
  •      Forgetting where copied data is located

Then there are other problems.   Cloud systems have now been around for about 3 years and are now going through the cycles of upgrading and streamlining hardware and technology.   How can you ensure that information on old and obsolete systems is being managed correctly.   Are old hard drives destroyed correctly?

So the move to the cloud is about convenience and cost recovery.   Moving cost from capital expense to operation expense there are still questions about the location of the data and how secure it is.

In the business world, the more compliance requirements around where your data is and who has access to the data the less the likelihood of it being moved to the cloud.   The old adage of “if you loose control of your data then the data is no longer yours” comes to the forefront of all business decisions.

Yes the cloud is a great leveler in the SME business world, but like social media, the decisions that the business base on the location of where the data is are just as important.    Just something else for us to all contemplate.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.