Within the last year we have seen a rush of companies moving to store their corporate data in the cloud. While cloud computing promises easier data management, scalability and the potential for lower costs, organizations need to ensure that the cloud technology solution they select can also meet their information governance requirements. Here are some areas to consider:
1. Data Security: Companies should ask how data security and encryption are handled. There are specific compliance requirements governing the secure storage of sensitive information, including PII, PHI, PCI. While security is often the top concern for clouds, I believe that most major providers offer data security as good or better than that provided within most corporations’ internal systems. Still, make sure you review the cloud service provider’s security program. Also look at the level of access control—who can see whose data?
5. Deprovisioning and Expiration: How is user access and deprovisioning implemented when employees are terminated? What reporting mechanisms are in place for monitoring active and inactive data usage in the cloud? Can older, unneeded data be easily deleted? If you release a legal hold, does the older, released data get expired per the policy?
6. Application Access: Will you be forced to access your data in the cloud through your service provider’s applications exclusively, or does the provider allow other applications to access through open, published interfaces (called APIs)? Will these APIs support use of your preferred e-discovery tools?