Cloud and outsourcing your data storage and backups can often be more secure than using internal resources, there are however some additional considerations to bear in mind when some, or all, of your data is not held on-site.
Some of the issues to consider when reviewing the security of your information systems, and how to minimise the risks of data loss, within the cloud and with outsourced data services.
Need help with a review? Get in touch with SI ICT
Audit use and storage of personal data
Consider the potentially sensitive and confidential data that is stored in the cloud by your business.
Review what is happening to that data and which controls are in place to prevent accidental or deliberate loss of this information.
Check with your cloud and outsourcing vendor for their compliance in regards to you compliance requirements
Risk analysis and risk reduction
If all or some of this data is lost who could be harmed and how? What impact will the loss have on your organisation and the data subjects?
Once these question’s have been answered, steps to mitigate the risks of data loss must be taken. Here are some steps that should be undertaken to reduce the risk of data loss:
- Ensure that the cloud provider or outsourcer will not share your data with a third party
- Check which countries the data will be stored and processed – this could have data protection implications
- Ensure that you can take local backup copies of your data
- A data subject has the same rights of access wherever data is being stored, so ensure that a subject access request can be facilitated
- Try to minimise the amount of personal data stored in the cloud, or with a third party
- What happens if the provider becomes insolvent? Have a contingency plan in place
- Is the data encrypted – if so have you got access to the keys and who else has access to the keys?
Need help or support with your organisations security - data | cloud and outsourcing?
Book a Free Consultation with SI ICT