Ensuring your Sensitive Data is Safely Removed from Cloud Services

by

 

 

Cloud services offer solutions to a myriad of business problems, and more businesses of all shapes and sizes are choosing to adopt cloud solutions for its flexibility, efficiency, accessibility and strategic value. Do you want to securely share that sensitive document with a partner organisation; or easily manage your company accounts and payroll? Go ahead there’s a cloud service for that.

The problem

What happens to your businesses’ data when you decide to stop using a certain cloud service? I’m sure you don’t want copies of your valuable intellectual property (IP), or personally identifiable information (PII) that you control or process leaking out into a competitor’s or cyber criminal’s hands, so you need to know how and when your data will be removed. Why?

Money.

Losing IP to a competitor will risk giving them the edge over you in a competitive market, losing you sales and return on investment on all that R&D spent to develop your IP.

Losing PII will not only undermine trust in your business; but will have further ramifications under the GDPR and will probably net you a heavy fine from your local Data Protection Authority.

The solution

Any cloud service provider worth their salt should have a Data Retention and Disposal Policy that will inform you of when and how your data is securely removed should you need to remove that data, or if you decide to no longer use that service.

The big three cloud players: Amazon AWS, Microsoft Azure and Google Cloud, have well-documented policies; that any service hosted on their infrastructure can provide to you. However, I’m surprised that many big names that run on their own cloud infrastructure are either hesitant to provide you with this information (as if it’s some trade secret); or that they just don’t have the relevant policies in place at all.

Remember to check that any cloud service you sign up to has robust policies in place for when you need your data to be removed, as well as making sure your data is secure whilst you’re using the service.

If you’re unsure about where you stand with cloud services and GDPR, don’t hesitate to contact us for more information.