Yardstick - Issue 4 2017 - 38
IBM's cloud center in Beijing.
to companies in the Canadian lumber
Ensure that your provider will be able to
provide usable data should your business
be faced with an e-Discovery request
during litigation against your business.
Your attorney should know how to ensure
this request is properly fulfilled.
Ensure that the cloud contract clearly
states that your retail lumber business
retains ownership over all its data and
that the cloud services provider has no
right to use your data. Otherwise - again,
incredible but true - the cloud provider
may try to resell your data to third parties.
Ensure that your legal agreements
extend to the subcontractors hired by your
cloud provider: This is an easy provision
to forget - and could wreak havoc on
your contract if overlooked. You provider
could have stellar security for your data,
for example. But a subcontractor for the
provider could have nonexistent security.
If possible, ensure the person tasked
with handling computers at your business
will be able to meet with the cloud security
chief to evaluate the provider's security
protocols. Also ensure that person will get
immediate notice when any changes are
made to those security protocols.
Ensure that you will be notified if
your cloud provider suffers a security
breach or is hacked in any way: As we've
all discovered the hard way, companies
that suffer breaches are often reluctant to
inform clients that they've been hacked.
Ensure that you're able to encrypt
your data before it leaves your business'
computers: This provision can save untold
headaches. Once encrypted, your data
becomes much less of a problem for you in
the cloud, no matter what goes on there.
"Adding an extra encryption on your
data is a good precaution," Ahern says.
Practice good password hygiene:
Passwords to your cloud interface
should be extremely long and complex
to make it very difficult for hackers to
penetrate your interface. Free password
generators like Random.org Password
for example, will help you generate
of long string of letters, numbers and
special characters that can take hackers
years to break.
Change those passwords regularly and
you're truly Having a leg-up on any hacker.
"We periodically change passwords to
ensure the security of our accounts," says
Josh Zizek, manager, Windsor Plywood,
Ensure your data will be wiped clean
from servers and other computerized
storage devices that are 'retired' by your
cloud provider and sometimes sold-off
to third parties. Otherwise, a server or
external hard disk with all your business'
trade secrets could pop up on eBay, and
be sold to a pimply faced 15-year-old -
or a competitor.
Secure a detailed agreement with
your provider on how your provider will
handle a system crash involving your
business' data. Also secure an agreement
on how a security breach of your data
will be handled. Don't assume your cloud
provider will be diligent.
Monitor the Cloud Security Alliance
(www.cloudsecurityalliance.org): For the
latest ideas and developments in cloud
security, monitor this industry group. It's
specific mission is to work on establishing
international standards for security and
privacy in cloud service agreements. ❱
Joe Dysart is an Internet speaker and business
consultant based in Manhattan. Voice:
(646) 233-4089. Email: email@example.com.
Even state-of-the-art quantum computers - like IBM's Quantum Experience -
are available via the cloud.
YARDSTICK | August/September 2017