Transitioning To The Cloud: Who Is Responsible For Protecting Your Data?
Published on 22/01/2019
There are substantial benefits to be realised by businesses of transitioning to the cloud and utilising critical applications delivered through a SaaS model, these include:
With larger budgets and higher stakes, the security found at your hosting providers data centre is likely to be far more substantial than your business premises.
Utilising cloud-based applications can allow you to make your business more efficient which in turn could provide significant cost savings versus a traditional on-premises model.
Using SaaS applications gives your organisation the ability to access business critical applications on any device from anywhere in the world and means your business is no longer restricted by geographical location.
SaaS applications are generally cheaper to procure than their installed counterparts and they don’t have significant infrastructure requirements, further reducing their overall cost.
Whilst there are significant benefits associated taking your organisation to the cloud, many businesses are still transitioning to hosted applications without fully considering the implications.
With traditional on-site applications you can easily back up your data each day, week or month and then archive for the required retention period. Also, as this is all completed in-house, you know where the data is backed up, making it easy to access when required.
However, when using SaaS applications, you can lose this control over your data as it is now stored on a hosted platform in the cloud. It is also unlikely that your data is automatically backed up, as the hosting provider will only do what is necessary to meet their contract obligations and in many cases, the data is solely your responsibility. As the data controller, you are responsible for what you put into the cloud environment. You also must ensure that any legal considerations are taken into account when storing information on a shared or public cloud infrastructure.
Also, if your developer were to fail or didn’t pay the hosting provider for whatever reason, the server or virtual private cloud instances hosting your application would simply be switched off and you would lose access to both your application and all associated data with little to no warning.
In transitioning to the cloud there is also the additional issue of the security of your Personally Identifiable Information (PII) and the GDPR implications if it was breached. Although you no longer have direct control over the storage of the data, you are still the data controller in the eyes of the law and are liable if your data is lost or stolen. However, if you can demonstrate that you have taken reasonable and adequate measures to protect your data, the ICO will take this into account in the event there is a GDPR breach.
An effective measure you can take to ensure your data is backed up regularly to protect your organisation against the threat of vendor failure and ensure you retain access to the most up to date version of your applications data is to adopt a SaaS Escrow solution.
Under the terms of the Escrow Agreement, your developer can deposit a backup of the application data alongside the source code in Escrow and update these data backups as frequently as the data changes. This ensures that in the event a release clause is triggered, not only do you have access to source code to rebuild the application, but also the most recent copy of the data, helping you to get your business back on track.
As we have discussed, you are the data controller and the responsibility for the security of your data is up to you, even if the data is no longer stored at your business premises. If you would like to discuss how SES’ SaaS Escrow solutions can help improve your business continuity, please get in touch to speak to one of our specialists.
© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.