The Cloud Is A File Cabinet – Make Sure You Lock It

The Cloud Is A File Cabinet – Make Sure You Lock ItEveryone from Walmart to my 10 year old nephew is using cloud computing.  Small and mid-sized businesses see it as a great way to use the types of services that were only available to large organizations in the past.  Large companies see it as a way to scale quickly and provide new services fast.  My business runs completely in the cloud.  Ten years ago this would have been impossible.

Businesses are taking advantage of filing sharing services from Onehub, DropBox, Egnyte, Box and others to share documents across PCs, Macs, smart phones and tablets.  Evernote is a great service for sharing meeting notes and documents with colleagues.  Numerous other services exist for collaborating with customers, business partners, development teams and anyone who needs access to information quickly and from any device.  The cloud has become a big virtual file cabinet for most of us.

Before you use any computing system you should decide how you will use it.  Will it store sensitive information about your business?  Will it house brochures and marketing collateral?  Will it contain credit card information or personal information about patients?  Whether the system is in the cloud or in your server room, you need to decide the sensitivity of information before determining how you should handle it.

If you store confidential information in a file cabinet or safe, you lock it.  The same applies to electronic files and documents.  You need to lock down anything sensitive or confidential so only those who have a need can access the information. This is logical, but is also time consuming. You could take a blanket approach and lock down every piece of information in your organization, but that might not be practical or feasible. It makes more sense to determine the sensitivity of something and then take appropriate measures to secure it.

Putting information into the cloud is no different from putting it anywhere else. Some people think the cloud is some magical place of unlimited computing and storage in the sky – I always thought it was. The cloud is really millions of servers in data centers all over the world with hard drives, CPUs, memory and software providing computing on demand through virtualization techniques. These are the same servers and software that sit inside your company’s private data center or server room.  Securing information in the cloud is really no different from securing it anywhere else.

The best way to secure and control your documents is to encrypt them with a persistent security policy.  Whether they are in your email system (local or cloud-based), an on-premise SharePoint server or a cloud-based file sharing service, you need to take the same care.  If you have a document sitting in SharePoint that should not be seen by anyone outside Finance, you better lock it down with a policy that limits its access to Finance.  When you move it to the cloud, the same security should apply.

The confidential nature of some information is time sensitive, such as earnings reports. Once you announce quarterly earnings, the information is public and no longer confidential. Other information is always confidential, like a social security number or Personal Health Information (PHI).  Once you decide the sensitivity of something, you can decide how to lock it down and where to put it.  Don’t assume your on-premise systems are safer than a cloud service or vice versa.  Cloud providers are in the business of keeping their systems running and keeping your information secure. That’s all they do. If they don’t, they will go out of business. Your IT department is charged with a lot of things and may not be expert at everything.  Security may be good, but IT has a lot of other things to worry about.  Just look at all the data breaches that are constantly in the news.

Assess your information, decide what is sensitive and lock it down with the appropriate level of access permissions.  Determine how long the information should stay confidential and apply policies that enforce that timeframe.  If a document gets into the wrong hands, you can revoke access rights to it and then no one can use it.  Whether you put your sensitive information in the cloud or not, lock it down. You’ll sleep better.

Comments 3

Leave a Reply