I recently addressed the proximity of servers as being one of the main concerns Austin companies expressed about cloud security.
However, an even deeper issue has surfaced that relates to the technicians who will be responsible for the data.
When you entrust your business' critical information to a cloud provider, will it be at risk from the very people responsible for the security?
Who is watching the Watcher?
One of the business scenarios that could trigger this fear for law firms involves breaching the attorney-client privilege. Some lawyers have voiced their worry that handing over their data to a third party could constitute such a violation.
Another area where companies fear the involvement of third-party cloud support is HIPAA compliance. These companies fear the possible fines that could result if one of the technical workers at the data center gained access to employee or patient information.
All businesses should be diligent about making sure their data does not fall into the wrong hands; but does the cloud really pose a serious threat from security people accessing private information?
In the case of lawyers, we know that they can electronically store their data offsite as well as physically store their files offsite, but neither of these transactions will breach the attorney-client privilege.
Really, what is at the heart of this issue is whether a third party can actually get access to the files. The type of access we are discussing would mean that the contractor could physically or electronically open files and read the confidential information.
However, this type of security access is not available when data is stored in a cloud environment. This is because the IT people only have access to the files that contain applications and not the data itself. They simply do not have the passwords that allow them to log into the programs where all these files reside.
This arrangement would be like placing confidential information into a locked box and then handing that box over to the care of a third party. The only way this third party would have any access to the information in the box would be if he or she had the key or broke through the lock.
If an employee ever hypothetically found a way to gain access to the data, they would be discovered immediately and face expulsion along with criminal charges. In addition, the background checks that IT staff working in data centers undergo are extremely rigorous. This is because they typically have to stay in compliance with international standards like SSAE 16 SOC II.
The truth is that the average company is far more likely to have data stolen by one of its own employees than by a third-party cloud security technician. However, even though this threat is not likely, it is important that cloud providers still take it seriously. Data centers should maintain security measures to prevent third-party access to data, as well as institute adequate HR processes that will screen out employees who might pose a security risk in the future.
The bottom line is that you can have confidence to move into cloud computing without the fear of compromised data as long as the data center meets the international security standards.