3 Public Cloud Risks to Share with Your Clients
Can you share too much information (TMI) online? As organizations use more public cloud services, IT service providers should be careful about what cloud-based file sharing services they recommend. And, while the rise in public and hybrid clouds isn’t a bad thing, as an MSP you need to explain to your clients the risks associated with the public cloud so they can make an educated decision about what mix of public and private cloud services is right for them. Here are a few of the risks you should highlight:
Data Protection Policies May Not Extend to Public Cloud
Businesses with good IT security policies should commend themselves for working to better protect their data. But when that data leaves the organization and heads to the public cloud, it becomes increasingly difficult to enforce these policies.
The Cloud Standards Customer Council says, "For public cloud deployments, consumers necessarily cede control to the cloud provider over a number of issues that may affect security. At the same time, cloud service-level agreements (SLA) may not offer a commitment to provide such capabilities on the part of the cloud provider, thus leaving gaps in security defenses."
Difficult to Maintain Compliance Standards
For businesses that are subject to regulation by PCI, HIPAA, or other compliance guidelines, it can be difficult to maintain these requirements after relinquishing some control of their data to a public cloud service. One example is the financial privacy rule, Gramm-Leach-Bliley Act (GLBA). This requires financial institutions to offer information to their customers on how their data is maintained, shared and protected. Using public cloud services make it difficult to get clear and reliable information to provide to clients. In reality, the many of the businesses using the public cloud don’t even know themselves how their data is maintained, shared and protected.
Public Cloud Could Expose Data Itself
While many people cite the security concerns surrounding the cloud, the truth is most businesses face an equal risk of accidently leaking their sensitive information themselves. Companies that don’t carefully review the terms and policies of their cloud service could find themselves unintentionally publishing secure information. CSO Online has found that many companies and individuals that don’t properly configure their backup drives have found their sensitive information indexed by Google in their public search results. CSO lists the most common types of information that has been made public this way:
- Credit cards
- Tax documents
- Financial documents
- Portable Drive information
- Master lists of passwords
- IT related files
All of this information is available to the most basic internet search because the users didn’t understand how their public cloud service was configured. While your clients have you to help them navigate the risks inherent with the public cloud, there are definitely areas where they should have to. By providing your clients information and guidance on what uses are appropriate for the public versus private cloud you can save them the risk and potential cost of a poorly configured cloud infrastructure.