Does Your Business Have a Cloud Computing Usage Policy?

Many businesses have a Bring Your Own Device (BYOD) to Work policy, a risk management policy, and some businesses are even tech-savvy enough to have a social media policy. Some businesses go one step further and introduce and review all these policies during the onboarding process for new employees. But while many businesses expect employees to collaborate on work either while in the same office or remotely, they are placing their data at risk if they don’t have a cloud computing usage policy.

In simple terms, cloud computing is the process of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than using a local server or a personal computer.

According to Wikinvest, “Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with Internet access. This technology allows for much more efficient computing by centralizing data storage, processing, and bandwidth. A simple example of cloud computing is Yahoo email, Gmail, or Hotmail. All [the user needs] is an Internet connection [to] start sending emails. The server and email management software is all on the cloud (Internet) and is totally managed by the cloud service provider Yahoo, Google, etc. The consumer gets to use the software alone and enjoy the benefits. The analogy is, ‘If you need milk, would you buy a cow?’”

What should you consider as you create a cloud computing usage policy? Here are five key items:

Which members of your team should access the documents stored in the cloud? If you grant universal access to the stored documents, you may be giving away keys to your data. Think about your data as if it were in a vault. How much you spend on the vault is determined by how much your data is worth. There are different levels of need for access – for example, some Vice Presidents may have greater need than IT managers, or vice-versa. You are not obligated to provide the same level of access to all employees. It’s called “least privilege.”

How often do your employees add documents to the cloud? If your team uploads data on a daily or weekly basis, then the cloud may be an important way for your team to interact and work. But if your team only accesses the cloud once a month, you need to reconsider the cloud as an efficiency tool. Is it really worth the cost?

Have you decided on the parameters of using the cloud? For example, there may be specific types of documents that should reside in the cloud rather than others. Do employees store Word documents, Excel spreadsheets, pie charts, PowerPoint presentations, photos, etc.? For your employees to understand the benefits of using the cloud and to be proactive in protecting your business’ confidential data, they need training. Maybe you use a hybrid system where your confidential documents, such as intellectual property, are kept in-house and your other documents are kept in the cloud. Unfortunately, there are too many businesses that allow their employees to store whatever they wish in the corporate cloud. This can become a sticky legal issue if it is found that the employee is using it to store illegal information, other companies’ intellectual property, or any type of data that can place your company in a position to be sued. Establish rules that must be followed and let the employee know that any deviation from the acceptable use policy will be grounds for termination. Be sure to have your attorney approve the document and make sure all employees read it and sign it. A part of an employee’s training is to educate him or her on the use of public cloud sites. Train employees to understand that uploading corporate data into their public cloud site is unacceptable. And finally, you must establish a password policy that everyone must follow: at least 10 characters composed of uppercase, lowercase, numbers, and special characters – or use biometrics. Run this policy through Active Directory so it is enforceable. Don’t leave it up to individual users.

How necessary is it to keep your documents in the cloud and do they remain there indefinitely? If it is a team project and the project is finished, does it really need to remain in the cloud? There should be a defined lifespan for the data to reside in the cloud. Maybe confidential docs should only reside there as long as they are being worked on – and non-confidential docs can remain indefinitely. But the one thing to remember is that the cloud is never permanent. Very few providers will last for years – or the fees that your company will be charged will become exorbitant. Think about a guest in your home: that person stays for a limited amount of time (hopefully) and then leaves. The same rule should apply with the cloud – store your documents there, work on them, and then do what your cloud policy says to do.

Did you know that most cloud-based companies do not back up your data? They will do it for themselves, but if you want to retrieve your data, especially from a long time ago, you may be out of luck. You may be able to retrieve it, but it will cost you a lot of money. If you need to recover deleted data, such as purged email from a long time ago, you might find your SaaS or PaaS providers, like Google Apps, Microsoft Office 365, Amazon Web Services, etc., unable or unwilling to help. Recently, a new use for “the cloud” has come about. It is called cloud-to-cloud backup and recovery. It is automatic and saves all of your data from whatever PaaS or SaaS you are using. My mantra of “It is not if you lose your data, but when” has unfortunately rung true many times for many people. Using cloud-to-cloud backup and recovery might just make that saying obsolete. That is, of course, if it is set up and managed correctly.

Remember, clouds can burst, and you don’t want your data raining down somewhere it doesn’t belong.

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.