Cloud computing can offer businesses great scalability and flexibility at a lower cost. But like any big decision, it’s important to be aware of any potential pitfalls.
For those of you who are unaware, cloud computing is a means of providing computing services over the internet. A classic example is data storage. These services are offered from data centres all over the world, which are collectively known as the “cloud”.
It goes without saying that cloud computing is revolutionising the way business is done and is perhaps more common than we all think. In fact, chances are that you are already in the cloud, for example if you are using a Gmail service.
But there are legal and client obligations that need to be considered.
According to the national privacy regulator, the Office of the Australian Information Commissioner, businesses must have a reasonable level of security safeguarding data, and they should take reasonable steps to ensure that data is not stolen, lost, changed, misused or disclosed to unauthorised parties.
While the regulator advises that it is good business practice to let clients and individuals know that there has been a data breach that could cause serious harm, it’s not mandatory.
Cloud computing providers store both the software and your business data on networks and servers at remote locations, often overseas.
The data is subject to the laws of the country in which it is stored. Laws and privacy protection vary significantly from country to country, so storing data in the cloud could have some potentially serious legal implications.
As a result, companies tendering for Australian government work may not be permitted to have their data in the cloud.
Any data that is stored in the US, or even hosted locally by a US-owned company, may be subject to the US Patriot Act. The Act permits American law enforcement agencies to seize data without a court order if they believe it to be in the interest of national security, the definitions of which can be extremely broad.
Another concern is that a hosting provider offshore can be shut down and you can lose your data entirely.
It can be difficult, if not impossible, to retrieve cloud data that is lost or seized by international law enforcement agencies.
What about local alternatives? If you want a cloud solution but must comply with Australian privacy laws, there is no need to host with a global provider. There are local options, although they may not be as cost-effective.
Unlike the internet, where the information you post is very difficult to eradicate, if you decide to move data to a different cloud service or to an on-premises solution because of privacy concerns, any reputable cloud service provider will state that they have no knowledge or ownership of your data. Once you stop paying, they will wipe your data and sell the storage space to someone else.
Below is a series of questions that you should ask yourself before considering whether your business is suited to using cloud-based services.
- How much data will you be transferring?
- Are you transferring any sensitive data or government data?
- In what country will your data be stored?
- What safeguards does the cloud provider have in place to protect your data?
- How does your cloud provider prevent unauthorised access to data?
- What data retrieval processes and agreements are in place?
- What contingency plans do you have to back up and retrieve cloud data?
- What policies are in place to manage a data breach?
Clearly a decision to move to cloud computing should be made in conjunction with your IT or computer advisor.