How Much Should You Trust a Cloud Vendor?
Trust can be a fickle thing. As the saying goes, trust takes a lifetime to build but only a moment to ruin. In the business world, trust can certainly be hard to come by, especially when information and data valuable to the success of a company can easily be stolen or misplaced. This is the thought on the minds of many business leaders as they contemplate adopting the cloud for storage, computing power, and big data analysis. Cloud vendors have popped up everywhere it seems, from the tech giants everyone knows to plucky startups. Perhaps you’re considering using a cloud provider as well but worry about handing over data that’s vital to your operations as an organization. So the question over how much you should actually trust a cloud vendor arises, and it’s a difficult one to answer.
Much of the worry simply comes down to data security and ownership. The number of data breaches throughout the world is on the rise, making for many nervous businesses. The act of moving data to the cloud is itself placing a lot of trust in a cloud vendor’s ability to protect it. This is one of the main reasons why companies have been reluctant to transition to cloud computing in the first place. Cloud providers have of course realized this and have made great strides in improving their security features, but distrust still remains.
Is this mistrust merited? Let us look at it from a data security standpoint. Many people believe that data in the cloud is less protected than data kept on-premise, but that isn’t always the case. Many cyber criminals view data kept on-premise as an easy target in part because most companies don’t have the resources or funds to secure their data adequately. Placing data on the cloud may actually keep data safer than if it were kept within on-premise systems because providers view data protection as one of their primary responsibilities.
That doesn’t necessarily mean you should implicitly trust a cloud provider. Cloud vendors are businesses after all, and even within tightly controlled environments, employees may still do unethical things. Take, for example, the instance of Google engineers being fired for accessing customer data without authorization. The provider may feel strongly about safeguarding data, but employees may act differently.
Now you may be tempted to think cloud providers should be avoided entirely, but using the cloud doesn’t always mean placing all your trust in a vendor. There are certain strategies you can enact that won’t require trusting without question. Many providers use data encryption as a way to protect data on the cloud, but some allow the use of a service where clients are the only ones to hold the encryption key. This is sometimes referred to as bring your own key (BYOK), and basically works by giving you the key to the encrypted data, while the provider has no such key. So even if the vendor or an outside attacker were to gain access to the data, they wouldn’t be able to read it.
All of this is related to the old principle of trusting but verifying. By entering into a business relationship with a cloud vendor, you are trusting them to an extent, but verifying their promises should be on the agenda. For example, many cloud providers try to lock-in their clients with extended contracts that penalize in the event the client wants to leave. Before signing a contract, you should always investigate what’s in it, while also checking on the reputation of the provider. After entering into a contract, always know who has control over access to your data and what would happen to it in case of emergency or government inquiry. These are basic questions that shouldn’t be dismissed and require clear, straightforward answers. If those answers aren’t forthcoming, there may be reason to distrust a provider.
So how much should you trust a cloud provider? Probably only about as far as you can throw them. Vendors know their reputation rests on the service they provide and data protection they offer, but there’s no harm in checking and double checking that they are holding up to their promises over what is cloud computing. Businesses who place complete and total trust in a vendor face potential disappointment or worse. Never take anything for granted and verify at all points, and you should be in a good position to work well with any provider. | Images via Shutterstock
