Security boost for the cloud

SMEs still take too much time to address the issue of cloud compliance. This can cost them dearly, because even when data is outsourced, the ordering company remains responsible for it.

Companies are therefore obliged to check whether their cloud provider meets the technical, legal, data protection and contractual security requirements.

The sooner they start, the more future-proof they are. Greater flexibility, lower costs and an extremely reduced administrative burden - the advantages of cloud computing are obvious.

At the same time, however, companies lose some control over their data when they place it in the hands of a cloud provider. The more sensitive the company and customer data, the stronger the security measures must be - and these must be checked.

If this does not take place, the managing director is liable. Basically, the same security requirements apply to cloud compliance as to IT compliance when the data is stored in the company's own data center.

Questions to be addressed include:

• What data must have the highest level of security?
• What does the emergency program look like, i.e., what happens if third parties obtain company-critical data such as research results?
• Who has access to which data, where, when and for how long as part of the administration on the part of the cloud provider?

To be on the safe side, experts recommend getting monthly security reports from the service provider, which provide information about the security level and maturity of the service.

In short: although quite complex, cloud compliance is not magic, all in all. But of all things, many SMEs have an open flank when it comes to this topic.

While there is a minimum level of compliance everywhere, the matter is rarely pursued systematically and continuously. Resources are often lacking, sometimes know-how, and sometimes simply the awareness that action needs to be taken at all.

But a (too) phlegmatic attitude to cloud compliance can quickly cost money - not to mention the threat of a loss of image if the matter comes to light. There can be severe penalties from the legislature and claims for damages from aggrieved customers if insufficient protective measures have been taken.

"Especially smaller and mid-sized companies that don't have the resources to deal with cloud compliance in detail like large corporations should get external help here"

recommends Bernd Usinger, CEO of Gebhardt Sourcings, the parent company of Broker2clouds, which specializes in IT strategy consulting.

"This also has the advantage that the issue can be addressed holistically and continuously."

IT and thus cloud compliance means constant further development in order to optimize processes and to adapt company-defined security measures to constantly changing data protection regulations. The IT consulting company secures its customers with analysis tools specially developed for medium-sized businesses.

Conclusion:

SMEs, which benefit particularly strongly from outsourcing to the cloud because the cloud providers can usually guarantee a significantly higher level of compliance than they can themselves, must adapt their IT compliance in such a way that it is possible to continuously check the agreed and required security precautions of the service provider. Then, at the latest, medium-sized companies will also get a good boost in the cloud when it comes to cloud compliance.