Home > Uncategorized > Cloud Storage – Understanding the Risks.

Cloud Storage – Understanding the Risks.

With more and more records falling into the “born digital” category, many clients are struggling with ways to effectively manage huge volumes of information. Records managers tend to be excluded from IT decision making within the enterprise, and some of these decisions may severely impact records and information management policies.


The cloud may be an attractive alternative for many clients because of cost reduction. There is reduced need for capital investment in digital infrastructure and also cost reductions in capital investment in software. Labor costs can also decrease following a cloud deployment since many of the maintenance tasks such as patching and security oversight may transfer to the cloud host. Usage in the cloud can also be scaled up or down to match the needs of the enterprise. Taken together, a compelling case can be made to shift more records storage to the cloud.


In spite of these positive justifications for cloud adoption, there are significant risks associated with cloud computing. Clients should approach any provider with a checklist of questions. In a 2008 article titled “Gartner – Seven Cloud Computing Security Risks”, information management consultants identified seven areas of concern. To date, many of these issues have not been addressed at a level that would inspire confidence in the platform. Here is Gartner’s list:

  • Lack of privileged user access means that internal operational controls, policies and tracking may not be applied in the same way in cloud hosting. This may create vulnerabilities in that environment that would not exist internally.
  • Regulatory compliance is a critical factor. Accessibility of auditors to cloud hosting facilities may not be sufficient to facilitate compliance in areas such as PCI, Sarbanes Oxley or the Data Protection Directive. Chain of custody issues and access tracking may also be difficult.
  • Data location is an especially daunting issue in Europe where there are strict requirements regarding cross-border transfers of data. Theoretically, cloud storage could be hosted anywhere in the world. Some countries do not have robust laws governing data protection and that can create compliance risks.
  • Data segregation refers to the practice of hosting the data of multiple clients on a single server. Some clients, particularly those who have especially sensitive data, may be opposed to this practice if it leaves open the possibility of accessing the data of other clients on the same server.
  • Disaster recovery is an issue we concern ourselves with every day. In selecting a hosted platform, there may be confusion as to the actual physical location of data and whether that facility has redundancies built-in to provide for continuous operation in the event of a disaster.
  • Investigative support refers to the need to be able to track and trace user access and other logs in order to determine whether there has been unauthorized access. This would be critical in a data breach investigation and is made difficult in a hosted environment because of multiple clients accessing data on the same server or virtual environment.
  • Long-term viability is a question of longevity of the data host. If they were acquired, or more importantly, if they went out of business, what are policies and procedures for accessing and recovering data that is hosted?
    Source: INFO – The weekly newsletter of PRISM International
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: