3 Types of data that may not belong in the cloud

There’s no question that the public cloud has opened new doors for many companies. Multi-tenant cloud services make necessary functions – such as storage, backup and recovery – more economically viable and flexible than ever. However, sending sensitive information to the cloud can backfire if you’re not careful about the contents of the data you’re deeming cloud-ready.

As Blue Coat Systems recently found, one in 10 documents hosted with public cloud services is likely to contain sensitive data or information that violates compliance regulations. And although many Software-as-a-Service (SaaS) vendors claim that data is fully destroyed upon users’ requests, companies have little assurance that a third-party vendor’s data disposal processes align with their own standards. In other words, even if you identify and delete your sensitive data, it may continue to live in the cloud and create additional security risks.

Before sending data to the cloud, your company should know exactly what that data contains. For example, think twice before sending the following three types of information to the cloud:

Federal or state legislation

Many law firms and government agencies already avoid cloud storage for legislative data. It’s hard to confirm exactly where cloud data will be hosted – and the regional compliance laws for a Microsoft data center in Ireland may differ from your team’s local regulations. However, that’s not to say that the cloud is out of the question for such information. Staying up to date on location-specific laws and using a data-aware solution can help ensure your data remains safe and in compliance.

Test and development environment data

Research and development (R&D) and testing processes are key to the success of any company that offers an original product or service. This information is also a top cloud candidate for many teams, due to most companies’ high output of test data and the cloud’s attractive pricing options. However, there are times when real customer details are involved in the testing process. Before invoking a third-party cloud partner to host your test environment, be sure its source information can’t be traced back to specific customers.

Records with extended retention policies

Many types of records – medical, insurance, legal – must be stored and protected for a certain number of years, depending on the industry and the sensitivity of the data. Rather than allowing those records to claim primary storage real estate for an entire decade, companies often alleviate costs by backing them up to cloud services. However, if you’re not securing those files before they reach the cloud, or you’re overlooking highly confidential elements within them, you can put your company, its reputation and your clients in danger.

Security is a process, not an end goal. Managing sensitive information is an ongoing effort for any company. However, by gaining visibility into your stored data, you gain a measurable advantage in the fight to protect your data. That’s why data-aware storage is a powerful tool to help ensure ongoing security and avoid issues, such as data loss and data theft.

Learn more about cloud data considerations in my recent blog, “Cloudy with a chance of data loss.”

Andrew Hay


With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.