• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Auditing your cloud

December 17, 2013 by Secure360 and UMSA

cloud-securityThere’s no arguing cloud computing is convenient, affordable and charts the future for many practices within network security. The intention behind every new technological advance, in network security, is to increase speed, storage and mitigate data loss, while removing frustrations. When your information is in the cloud, it’s easy to fall into a relaxed mindset. Out of sight, out of mind, right? Wrong. Your information is only as secure as your due diligence in auditing your cloud’s network security. If you don’t have a solid answer for these three questions, your data and company may be at risk.

1. Where is your data being stored?

Even if your service provider is an American company, they may not state where your data is housed, let alone guarantee it is in the same country or continent. Data is constantly being moved around to balance server loads, and, in some cases, may move to another data center in the event of a security breach. Rules and regulations on cloud security are significantly less strict than physical data warehouses. In fact, your company is named the data controller for compliance purposes, meaning you need to comply with the laws and regulations that apply in the territories in which you operate and/or data is held.

2. Are you compliant with local policies?

Knowing where your data is stored is not only a benefit to ensuring proper procedures are in place for your own data but also can protect you against legal action. For instance, the Patriot Act states any data stored in the US/UK by any company headquartered in the US is subject to access by federal authorities, including financial information and emails. Meaning, as a data controller, you are completely responsible for how your data storage is being managed. Failure to comply will result in legal action in the corresponding country.

3. What should your cloud audit consist of?

To ensure your cloud storage provider is being compliant, you should review their policies and procedures regarding how your data is treated. In order to prevent a security breach, what are the provider’s technical solutions to protect your data? Additionally, you should review the skill level of both the technical and business staff to confirm their competency in the field of cloud security. Finally, if feasible, a physical audit of the data center location(s) should inform you how their day-to-day operations and physical security measures are safeguarding your data.

In the end, while securing your data in the cloud may be convenient it’s only as safe you make it. Before selecting a service provider, a cloud security audit needs to take place. Be sure you know where your data is being housed and whether or not the location and/or company are being complaint with local rules and regulations. Guarantee your data is being properly protected by going the extra mile and investigate the service provider, its staff and location in order to give yourself peace of mind.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

No tweets found.

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.