Moving Your Data to the Cloud: Know the Risks

By CTI | Apr 04, 2019 | Insights

Years ago, the cloud was created as a way to give people access to their data anywhere in the world, and to house backups off site if anything were to happen to on-premises data storage software. Most organizations today have at least some of their infrastructure in the cloud for those reasons. However, when you decide that it’s time to move your organization’s on-premises computer systems, applications, and data into the cloud, you need to consider some of the risks involved in doing so. In particular, you need to ensure that you work with the right cloud vendor.

While cloud systems are becoming increasingly popular and easier to use, migrations do come with their risks. There are some common issues that organizations may run into when placing their infrastructure in the cloud that could delay their ability to access data when needed. Let’s discuss four of these common issues, what could cause them, and how to mitigate the risk of losing data.

Provider Lock-in

Each cloud service provider has its own environment, with its own unique proprietary data formats, operational procedures and features. If you decide to switch your infrastructure to another cloud vendor, you may have difficulty moving the data to another environment due to the specific formatting that’s been applied to your data. This is known as provider lock-in—you’re essentially stuck with that particular provider’s services. In this case, you’d want to make sure that you have another backup of your data on premises or your data can be converted to another format so that you’re not locked in to one specific provider and dependent on its services. Before signing anything with a vendor, make sure you’re aware of its specific formatting.

Loss of Governance

When you migrate your infrastructure to the cloud, you trust that your provider will exercise due diligence in following federal and state regulations of your industry. There are a few notable security risks if the provider does not do so. When vetting providers for your cloud service, be sure that they have already worked in your industry space, understand regulatory requirements, and have implemented appropriate security controls to protect your data.

Compliance Risks

Depending on your industry, your infrastructure could hold important identifiable or health information that is subject to compliance obligations. Certain cloud vendors could manage their data by shipping it over state lines, or even internationally, and this could put your organization at risk for non-compliance. Sometimes, it’s possible for a contract to explicitly state that your data is held in one center, only for you to discover that it’s been shipped elsewhere. Make sure that you are aware of how your data needs to be handled—and that the contract makes specific mention of those procedures—in order to remain compliant and avoid fines and penalties.

Provider Lock-out

There are a couple of factors for provider lock-out that can cause data recovery issues. First, in the event that there is a data breach and law enforcement has to take over the data for investigation, you could be locked out of your data for months, or even years, during litigation. Second, when a cloud provider slices up its computing power and gives it to multiple providers, you can run into some serious problems. For example, if you’re unaware of how many vendors are actually holding your infrastructure, you may not be able to access all of it when needed, especially if one of those vendors goes out of business. Even worse, if the original cloud provider you signed up with goes out of business, all that data will be lost without another backup. The more backups and recovery options your organization has for your data, the better chance you have of keeping it safe and available when you need it.

Protecting Your Data in the Cloud

The main point we always want to stress with our customers is that the cloud provider you choose, as well as the contract it draws up, should be vetted extensively. Make sure you spend time with the provider to learn exactly how it provisions data. You can ask for SOC 2 reports, industry standard reports, and audit reports to see how things are done and verify that the provider is following standard IT security procedures.

For certain industries like health care, your provider needs to assure that your data will remain compliant and safe; this needs to go in the contract. There are service-level agreements (SLAs) that you need to hammer out before you engage with the vendor, including how they back up information, how you are able to access the data, how they format your data, and what procedures exist for you to migrate to another provider in the future, if necessary. Additionally, you need to know how your data will be destroyed if you decide to move to another vendor. If you make sure at least all of these aspects are spelled out in your contract, you’ll be better protected from the risks mentioned above.

Contact us today to learn more about protecting your infrastructure in the cloud and what steps you can take to improve your data management processes.