Step 3: Why or Why Not Use the Cloud?
The topic of cloud-based storage solutions may very well arise during this session, which can kick off a discussion about the security of sensitive information on the cloud. Given both the popularity and array of options available for cloud storage services, this discussion on the advantages and disadvantages has been included as a separate step.
In general, using various cloud options to store sensitive data should be avoided if:
•Users can’t get clear details on how a cloud service provider manages and handles their data, or;
•The information they do obtain about a given cloud service make storing sensitive data there risky or unsafe.
Emphasize the need to have a physical distance between the devices storing master copies and backups of files. You may elicit examples for this, such as if there’s a fire, natural disaster, office raid, etc.
Questions to ask during this discussion can include:
- Can the cloud service provider or others access your data or read your information?
- Is your data encrypted as you upload and download it? 3. What kind of encryption is used to store it?
- If they do store it encrypted, do only you have the ability to decrypt the data, or does the company hosting it also have this ability?
- If a cloud service provider can access your data and client software.