With the increased need for scalability, business continuity, and reducing costs, many companies have begun to either store or back up data to the cloud or utilize a third-party data center. These solutions provide several benefits; however, there are risks that come with storing data outside of the company’s physical location. This article discusses some of the benefits, risks, and questions that should be posed when looking to utilize a cloud service provider or third-party data center.
Benefits of Cloud Storage and Third-Party Data Centers
There are several benefits of using cloud storage and third-party data centers. These can include disaster recovery, convenience, cost efficiency, accessibility, and scalability. Of these benefits, scalability and disaster recovery can often be considered the most beneficial. As a company grows, storage can be added easily, without the burden of purchasing and installing additional on-premise storage at a physical location. Additionally, disaster recovery can be streamlined using cloud or third-party data solutions.
Risks of Cloud Storage and Third-Party Data Centers
Risks are also present when utilizing these services. These can include unauthorized access to data, loss of data, security and privacy concerns, and cybersecurity attacks and breaches. Heavy reliance is placed on the controls of the cloud storage provider or third-party data center, which can include keeping up with patching and security vulnerabilities, and monitoring access permissions.
Making a Data Storage Decision
When looking at a cloud service provider or third-party data center, here are some questions you may want to consider:
- Price Structure – What is the price structure for the services provided, including scalability?
- Price Options – What are the price options for the services provided?
- Security – What security does the cloud storage or data center have in place?
- Hardware & Software – What does the cloud storage or data center utilize for hardware and software?
- Service Level Agreement – Is there a service level agreement (SLA) with the cloud storage or data center?
- Contract Renewal – What are the contract period and renewal terms?
- Accreditation – What accreditation or certifications does the cloud storage or data center have?
- Confidentiality & Privacy – Is there any personally identifiable information (PII) or HIPAA-related information that will be stored, and how will it be protected by the cloud storage or data center?
SOC 2 Reports for Cloud Storage and Third-Party Data Centers
SOC 2 has become a common compliance report for service organizations to provide reasonable assurance that controls are in place and are designed and operating effectively. Criteria for SOC 2 can include security, availability, confidentiality, privacy, and processing integrity. Depending on the concerns of your business, requesting a SOC 2 report from a cloud storage or third-party data center can help you assess any security risks and confirm any of your responsibilities as a user of the service.
McKonly & Asbury can assist your company or managed service provider with SOC 2 audits and readiness assessments to identify whether effective processes and controls are in place as well as provide you with recommendations. For more information, be sure to visit our System and Organization Controls (SOC) service page and don’t hesitate to contact Dave Hammarberg, CPA, CFE, CISSP, GSEC, MCSE, CISA regarding our services.