In the rush to take advantage of the many benefits of cloud storage, organisations are failing to consider the legality and security of these solutions. Dropbox, OneDrive, BT Cloud, and Google Drive are used every day by millions of individuals and organisations around the world. However, entrusting the same third-party cloud storage provider with your holiday photos and your company’s intellectual property is often unwise. If you haven’t already, it is essential to stop and think about which platform is right for your data.
Organisations must know exactly where their data will be physically stored.
One reason for this is because some data, such as personally identifiable information (originating from inside the EU), is subject to EU laws governing its storage and processing.
With the imminent arrival of the EU’s General Data Protection Regulations (GDPR) it has never been more important for your organisation to remain compliant when storing and transferring data. The regulations specify that personal data can only be transferred outside of the EU in compliance with the conditions for transfer. Fines for companies in breach of GDPR will be up to €20m or 4% of the organisations global annual turnover (whichever is greater). Getting this wrong could have serious and irrevocable consequences.
Secondly, when data is stored in a different country, it is subject to foreign law enforcement agencies and laws. For instance, cloud service providers based in the USA have to comply with The Patriot Act. This allows US government agencies vast powers to demand access to data belonging to the customers of US-based cloud storage providers. Worse still, cloud storage providers, such as Dropbox, will remove their own encryption from the files before providing them to the law enforcement agencies. All of this can happen without you being notified. This is another reason why it is essential to know where your data is being stored and to understand what local laws it might be subject to.
Some cloud storage providers are designed purely for storing your data and aren’t able to handle multiple users editing the same files. With several employees accessing files via the cloud, edits or changes to your document can mean you start to lose control of that document. Using a platform that allows you to control access, track changes, and attaches those changes to individual users is vital for version control. In a scenario where a rogue employee edits or deletes company information, it is vital the platform allows you to identify who is responsible, and to access untampered versions of the data, to minimise further damage.
It is crucial to distinguish between personal and business requirements for cloud storage. To protect your company’s data, you need a secure service that’s fit for purpose, with strong encryption and access control, based in the right country to remain compliant.
Contact us on 0844 586 0040 for advice on secure cloud storage solutions for your organisation.