Is our data ever really secure? Hacktivists of all kinds (domestic, international, internal, external) are working hard to breach the security of our data. They may want to let the world know which election campaign you donated to, access sensitive financial data, or even more catastrophically, information that could compromise national security.

Exclusive underground e-networks for secret and illegal sharing and fraudulent transaction of stolen information like the web forum Dark Market, busted by the FBI in 2008, continue to spring up like weeds. It seems that the more controls on data we place, the more prestigious, enviable and desirable the hack becomes, and the deeper and darker we push the risk environment into.

A study by the Cloud Industry Forum (CIF) found that nearly everyone they surveyed (98%) was happy with their cloud services, the caveat being that data security (56%) and data privacy (53%) were the number one and two concerns.

Personally identifying information is spilling into social media outlets, and organizational data is spawning within Enterprise Content Management systems. Considering the risks for an information breach and the increasing amounts of confidential data around the world, it’s good that there is significant concern from cloud service users.

Furthermore, when you couple the concerns for data security and privacy with the unprecedented growth of cloud service adoption, making sure there is a clear and comprehensible cloud data security solution is the 500 pound gorilla in the room of every IT department.

So, let’s take a look at some of those decision makers and what they are thinking. Earlier this year, Information Week surveyed more than 900 IT and security professionals in their 2012 Strategic Security Survey. While mobile and software development issues were also discussed, they write that

"It's clear from our survey that organizations today take cloud security much more seriously than in the past."

Not only are organizations taking it more seriously, but many are fearful to the point of complete resistance. Twenty-seven percent of respondents said they have no plans to use public cloud services. Of those, 48 percent said their primary reason for the decision was security concerns.

Of those who experienced security breaches over the previous 12 months, this is how the types of breaches broke down:

While malware dropped from 78 percent to 68 percent in 2012, it is still the overwhelming biggest issue. The cat and mouse game between data security providers and malware malfeasance recently took a turn for the worse when there was a new and more effective "man-in-the-browser" (MITB) attack method that uses malware that steals users’ sensitive information when entered on websites.

It's Not All Doom and Gloom

For anyone on the fence about whether cloud data services are right for their business, don’t let security concerns paralyze you into irrational fear. As long as you end up with the right service provider, the positives will far outweigh potential risks.

Among the many benefits of cloud computing is how it greatly increases worker efficiency and decreases the time it takes to complete projects and deploy services. One very large endorsement of those benefits came from Toyota when they recently finalized a deal to move their entire worldwide workforce of 200,000 employees to Microsoft Office 365, the relatively new suite of cloud-based services.

Freeing up time for Toyota’s IT professionals has given them time to work on projects that directly impact Toyota’s products. So, in essence, cloud computing will be revolutionizing the auto industry.
"We have some awesome tech coming out in our vehicles," says Zack Hicks, Chief Information Officer North America and Group Vice President for Toyota. The cloud has turned cars into the next big "connected platform."

Among those "awesome" innovations are some potentially life-saving ones:

  • Cars that send an alert when a driver's health condition has become unsafe and needs medical help. For example, steering wheels that measure the driver’s heart beat, respiration, blood-sugar levels, and sends the information to a doctor
  • Semi-autonomous vehicles that help elderly drivers

Security and Data Management: 3 Things to Consider for Your Business

Your data can be maintained internally or it can be outsourced to specialized third parties. In the latter scenario, organizations like mine help others determine how to make decisions regarding the efficiency and security outcomes of their digital content.

Before your organization makes a decision regarding the management and security of your data, here are three things to consider:

1. Dissect the Data. What data needs to be stored for archival preservation and what has a priority for sharing and real-time usage? Gartner Research recently found that among very large firms, data was categorically managed using different policies and procedures. Many large organizations are “more likely to use SaaS for sensitive data, than for mission critical data.”

Many small- to mid-size businesses often consider solutions that are a one-size-fits-all model, but companies need to consider all the options available for segmented data. In traditional paper records management, as in data, not everything should be moved off-site into a warehouse. Some records should stay by your side in the filing cabinet.

2. Verify Vendor Claims. Vendors and data centers who will become custodians of your data have competitive forces that keep them honest and effective, but considering the risks, legalities, and liabilities, balance your trust with first hand verification.

Visit the facilities. Remember that security is only as strong as the weakest link. The virtual protocols may be advanced, but if the physical facility is managed loosely, the risks are still present. Talk to the technical engineering teams who are not part of the typical sales cycle. If they claim something like a 99.9999% up time, have them produce records that verify that claim. Contact current customers using the provider and take the time to listen carefully what is said, and what is not said.

3. Got GARP? Although the medium and technology has changed to digital, the objectives and outcomes for data management and data security are the same as managing paper and other traditional records. GARP (Generally Accepted Recordkeeping Practices), now known as The Principles, should be present within the backbone of every professional information governance service in the modern age of data management.

GARP includes:

  • Accountability
  • Integrity
  • Protection
  • Compliance
  • Availability
  • Retention
  • Disposition
  • Transparency

For each decision related to data security, ask yourself if organizationally your choices will improve the GARP risks. Will the overall accountability of the data and people who manage the data increase? Will the integrity of the data stay pure and available for clear observation and inspection? Will you be improving the protection of the data? Will this help your overall compliance requirements?

Staying ahead of the hackers and data thieves is a challenging and critical objective. I hope these three conversation points assist you in the process.