The downside of the digital landscape is that hackers have easier access to corporate data, because almost all businesses are now operating online to some extent.
For example, LivingSocial’s recent data security breach saw 50 million of their customer usernames, passwords, and emails being compromised.
But is this realistic? Is there such a thing as total security in the cloud? How can you control your cloud-based archive and make it safe?
The key issues concerned with corporate data stored in the cloud are:
Compromised Sensitive Data
AccountingWeb reported that the question of data management is a top priority for storing sensitive financial data in the cloud. In a joint study by AICPA and CPA Canada, financial IT professionals said that their main concerns regarding document security were fraud and internal theft. It is interesting to note that concerns around encryption and security matters heightened in all businesses surveyed, whether or not they were archiving to the cloud.
Maintaining Data Governance
Organisations find it difficult to monitor and govern the way files are used in the cloud – for example, they may not be copied appropriately.
Creating an email retention policy is one thing but enforcing it is another task altogether. How can you make sure you have control over your data without micromanaging staff members?
Since keeping track of documents is intrinsic to ownership and security over sensitive data, it’s easy to understand why it’s such a big concern for executives.
How secure can your cloud email archive be?
Let’s examine how well cloud-based archives can satisfy security requirements. SlashDot reported that for data to be considered usefully secure:
1. Data integrity must be assured.
This means that neither malice nor accident will be able to corrupt it:
- Accident. Destruction of data due to failed backups (most commonly PST files), human error, or lost devices are all threats to the security of your email archive.
- Malice. Your email archive must not be able to be altered – not just by hackers, but by people inside your organisation.
A cloud-based email archive stores everything in a central repository and retains every message, even if it was deleted on individual mailboxes. While adopting technology that allows you to monitor everything can be daunting due to the copious amount of data your organisation will need to maintain over time, it could save you from future regulatory compliance headaches around ESI (electronically stored information).
2. Role-based access must be supported.
The data’s owner must be able to define and grant role-based access according to what they will need to do with it.
In fact, Forrester reported that when it comes to cloud services, “despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients.”
Similarly, Gartner reported that “cloud-based controls can provide more current protection, sometimes avoiding complex and costly upgrades.”
To maintain security, your archive must support this function so that you don’t allow excessive access to users that don’t need it, especially because you’re dealing with sensitive corporate data.
3. Accountability and visibility of interactions with data must be supported.
When it comes to data governance, the custodian of the data must be able to maintain accountability and have visibility over what has been done to it by those who have been granted access.
Many cloud-based services are already able to tell you who has done what with the privileges granted by the owner. If your email archive is one of them, the fact that it has this feature in itself promotes secure behaviour of all those that have access.
4. Availability of data must be reliable.
This means that your data is available when and where it’s needed – otherwise it will likely lead to evasion. Organisations that use tapes and PST files struggle with being able to retrieve the email data stored. It’s cumbersome and time-consuming, whereas in the cloud you can find what you need in seconds.
Is it worth it?
Although this can seem like too big a task, the opportunities that can be gained by keeping data in the cloud far outweigh the risks:
- Cost. It’s more cost-effective to go cloud. In fact, Gartner reported that “the ease of deployment and relief from technology maintenance that cloud security services bring should provide users with immediate cost savings.”
- Email Compliance. Since dealing with an eDiscovery request is a major hassle, you will want to make sure that you’re as prepared as can be. The nature of legal discovery requests make it difficult to comply because of the strict penalties in relation to the time you are given to produce the data requested – no matter how far back it may go. There are significant implications for an employee either accidentally or purposefully deleting an important email that is needed for an eDiscovery request.
- Email Archive Searchability. Perhaps the biggest advantage of cloud email archiving is the fact that your archive can be made useful because it’s so easy to search and retrieve data. For this reason cloud archiving is useful beyond being able to comply with email retention laws set by industry regulations – it can also help with the everyday running of the business. This is why many industry sectors are already taking more control and governance over archived data by moving in this direction, including banks, governments and hospitals.
Executives need to ask themselves if they’re able to control the cloud by building a scalable infrastructure – or if they can’t, hand it over to a vendor who is better equipped to cope with the task by having the above functionality.