Cloud technology is quickly gaining favor in the personal and business technology arena, because of ease of use to seamlessly store information on multiple devices for little, and in some case, no cost. But like all new technology, there is a risk that comes from storing information in the cloud, especially for small business owners.
Brian McGinley, senior vice president of data risk management for Identity Theft 911, said the risks presented by storing data in the cloud are not defined in black and white because the technology is still developing.
"Not all clouds are created equal," McGinley said. "You will find some toe-dipping initially until security issues are weeded out."
While the potential for cloud computing is rapidly growing, McGinley warned users need to proceed with caution and be willing to assume responsibility for security blips when they arise.
"Companies that are using, or are planning on using the cloud, need to understand that they can transfer information [to the cloud], but they can't transfer the responsibility of protecting that information," he said. "They need to do their due diligence and see what security practices are in place with individual cloud providers, and what their liability is in the event of a breach."
Samara Lynn, lead analyst of Business and Networking at PC Magazine, said cloud computing offers many benefits for small business owners, including major cost savings. Programs like DropBox and Microsoft Office 365 can be used for between $5 and $10 per user, per month.
"You don't have to buy hardware and can have people manage it locally," Lynn said. "The big standout is the cost effectiveness of moving to the cloud."
Centralized data management is another perk for cloud users, she said, as opposed to having different systems scattered in a data center. Users can also easily add more storage space when necessary.
Small business owners can also control who accesses what material in the cloud, Lynn said, offering an added layer of data protection.
"A lot of cloud-service providers have access control levels, where you can determine who has access to what; you have quite a bit of management flexibility," she said.
But not all information belongs in the cloud. Putting sensitive information on the cloud can be risky, and can be a major blow to a small business if breached.
Here's what McGinley and Lynn suggest small business owners should, and shouldn't store in the cloud.
Email: YES. Lynn said anything that is commoditized, like email, is safe to store in the cloud. "You can really get it from anywhere, and it’s a great platform for the cloud.”
Personally Identifiable Data: NO. McGinley said storing any type of personal information for yourself or your customers in the cloud would be a mistake. Anything with date of birth, Social Security number, passport numbers should not be kept in the cloud.
"Cloud providers are no less bulletproof than any other industry," he said. "It's the extension of trust. You have to understand contractually what minimum security practices will be required, and what notification processes there are in place if a breach occurs."
Litigation strategies, Medical Files, Tax Information: NO. Any information that is dealing with potential litigation, or confidential legal files, shouldn't be stored in the cloud, McGinley said.
"If you want to do this, you should consider a strong encryption protocol.”
Lynn added that anything that must be HIPPA, SOX or FIPs compliant, shouldn't be stored in the cloud because the technology isn't yet required to meet these standards.
"A lot of services are compliant," she said. "It's up to the (small businesses) to use their service to make sure the data meets those requirements."
Basic Data Files: YES. Storing things like group project files or Word documents in the cloud can actually make life easier for small business owners. "This means you can access them from anywhere, anytime," Lynn said. "Any sort of collaboration system, like a service where you could upload files and share them with employees are ideal for the cloud."
Mission-Critical Information: NO. Information that is central to allowing your business to run every day should not be stored solely in the cloud, Lynn advises. This can directly impact your revenue if the system were to go down, even if a breach doesn't occur.
"We see services go down every day.”