The benefits of storing information in the cloud are extensive. Backing up important data, freeing up space on your servers, and having your data easily available to your staff are only a few. If you’ve been looking into this route, you almost certainly have many questions about the security of the cloud. If your company deals with sensitive information that belongs to your clients, you may need to stay compliant with HIPAA, PCI or Sarbanes-Oxley regulations.
Do cloud storage solutions follow these regulations? Are they required to? If they haven’t spelled it out in their privacy policies, it is safest to assume they are not compliant. We will explore this more below.
Compliance
Cloud security has become an important issue recently, as increasing numbers of companies turn to online storage solutions, looking for greater simplicity, scalability and affordability. Yet the cost, in both money and reputation, of poor handling of customer data can be extremely high. If your business needs to comply with key regulations associated with patient privacy (HIPAA), credit card security (PCI) or the finance-sector strictures of Sarbanes-Oxley, it can be hard to find out whether a service complies with these important restrictions.
Who is responsible
Whose responsibility is the security of the cloud? It is not currently required that a service provider be specific about their compliance with these regulations. The safest option is to assume that, if they haven’t clearly stated in their privacy policy that they are in compliance, they are not. This may mean that cloud computing is not for you. However, if your business is not subject to tight regulations, then cloud computing, with its advantages, could be an excellent solution for you.
Ultimately, as there is no current law that states that companies must disclose how tight their security is, the responsibility is in your hands. You must weigh the pros and cons of cloud storage to decide if it’s suitable for your business.
