As a large company handling a high volume of data, we use a cloud computing service provider to store our data. What are the best preventative security measures my company can take to protect my sensitive or confidential information?
Most companies are moving to cloud computing for electronic storage because the cloud both increases efficiency and reduces information technology costs. But the business advantages of cloud computing often obscure the potential risks. Companies must consider what kind of data they are putting into the cloud. Sensitive, critical or regulated information should be subject to robust protection. The best way to ensure this is done is through your company’s contract with a cloud computing service provider. Through a properly drafted contract, you can segregate vital information from run-of-the-mill data and impose additional security by, for example, adding native-level encryption or imposing multi-factor authentication. Just as importantly, in the case of a security breach, taking and documenting these steps helps a company credibly explain that it made its best effort to protect sensitive or regulated information.