“I see the big cloud providers in the same way I see a bank,” said Tony Scott, U.S. CIO, in a Google for Work webcast in late October. “They have the incentive, they have skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do.”
Well said, Mr. Scott. We agree. Here’s why:
- Physical Security: Major cloud providers have data centers with military-style physical security. Regular companies aren’t going to make that level of investment.
- Secure Processes: All of the major players are also audited and certified to the nth degree, so companies can be confident that secure processes are well established.
- Ever-changing Threats: Hackers are always coming up with new techniques. Organizational IT departments will not be as on top of this as the major cloud providers.
It is without question that risk, insurance and claims information is loaded with sensitive data that needs to be protected. If you play any role in managing, storing or transmitting such data, be sure that you, your vendors or any other third parties are taking great caution with that data. If you rely on a Risk Management Information System (RMIS) for any of these functions—or are considering investing in one—ask your provider if it has the following:
- A reputable cloud host like Amazon, Microsoft or Google
- Third-party security certifications against standards like SSAE 16 and those from NIST
- Regular testing for system vulnerabilities and for attempts by outsiders to compromise data
- The ability to encrypt data in transit and at rest
- Intrusion detection and prevention tools that alert your provider when indications of compromise or potential compromise occur
These controls, coupled with top-of-the-line security from major technology players Amazon, Microsoft and Google, should give you confidence in your data's security. Don’t be misled by claims that hosting data in a private cloud is safer than company servers or the public cloud. The private cloud ultimately faces the same security limitations that company servers face.
Even the United States Department of Defense has certified Amazon. Further, highly regulated industries like healthcare and financial services have moved data to the public cloud with the confidence that their cloud providers' security mechanisms are compliant with those required by the Health Insurance Portability and Accountability Act (HIPAA) and the U.S. Securities and Exchange Commission, respectively.
Hackers are coming up with new exploits every day. You need the very best entities protecting your data. While actually securing data is complicated and expensive, picking the right host to do it for you doesn’t have to be unsettling. With endorsements from a high-ranking federal official, a security-focused government department and highly regulated industries like healthcare and banking, the major public cloud providers can be trusted by organizations with sensitive data.