Talk about an irresistible amenity – for hoteliers and a broader hospitality industry increasingly burdened by unwieldy and expensive onsite data management options, cloud-based data storage providers are providing a potentially attractive solution.
By hosting data off-site on easily accessible web-based servers, cloud providers, offer a painless and cost effective solution to the data management headaches businesses are experiencing. All the access without the hardware and infrastructure worries sounds great, but we need to think long and hard about potential consequences before switching to a cloud provider.
After all, it’s still your hotel’s good name and hard-earned reputation at risk if a cloud provider drops the ball and recklessly exposes your customer’s financial and personal information. Without a clearly worded contract stating otherwise, you’re almost certainly the party that will pay for costly data breach disclosure requirements, if hackers breach your account.
Needless to say, choosing a custodian for your data is not a decision to be taken lightly. Before transferring your data off-site, businesses need to be confident that a cloud provider is just as secure, preferably more so, than your own IT environment. To start with, there needs to be a high comfort level with the service’s security protocols and perimeters.
Better still, before you sign on the dotted line, seek an independent assessment of a cloud provider’s security. Another consideration is whether the provider is following the latest industry standards – such as ISO 27001 – mandating specific security and technology requirements like firewalls and data encryption.
It’s painful to think that your sensitive records could end up in the wrong hands, putting your company at risk, but that’s exactly what needs to be examined before signing a cloud contract. For example, if there is a data breach of some kind, how quickly will the cloud provider alert you and who will be in charge of any investigations? Because the provider does not technically own the data that it manages, these providers may not have the same sense of urgency to notify quickly when there is a breach.
In the event of a hacking incident or data breach, a business needs to be sure about who will mount the independent investigation and which party will pay for it. The service contract should also state clearly that if the cloud service ends up being responsible for a data loss, it should pay for the required disclosure to clients and remediation and also permit an external third party to confirm the results of the investigation.
Before signing a contract, other questions with cloud providers should include:
- Is there any chance that your data will be comingled with other accounts stored by the provider, or is the data properly partitioned? Will a cloud account open a new back door that could potentially penetrate your system?
- Do the cloud provider’s administrators have any ability to view your data, and will your accounts be completely purged in the event that you leave the service?
- Does the provider perform random security audits to check for potential attack entry points?
Cloud-based data management clearly is an exciting new service, and its rapid growth is a testament to the demand from the business world for a better data storage solution. But, don’t be lulled into a false sense of security; cloud computing also represents the next frontier for cyber criminals. You wouldn’t leave the warehouse door unlocked – the same applies to your critical electronic data. Moving your prized electronic assets – your customer data – should not be a decision taken lightly.
Erin Nealy Cox leads the cybercrime response division of international data security and digital forensics firm Stroz Friedberg. She can be reached at [email protected].