Navigant's Cyber Risk and Information Security PracticeLearn More


How to Protect Your Data in the Cloud13 January 2015

Academia, Cloud Storage, Financial Services, Healthcare, Non-Profit, Policy Development

We live in an age of convenience. Information can be shared easily across an entire organization with just a click of a button. With data storage options such as Google Drive, organizations have increased efficiency and convenience across all departments. But with this added convenience comes new security concerns. While organizations can now easily access shared files, these records may no longer be as secure as the organization may believe.

This is why it is imperative to manage the copious amounts of data that your organization has and clearly define what can and cannot be stored in the cloud. Data management is a crucial aspect of data security, and it is the responsibility of every department in your organization.

Effective data management starts with knowing what data you possess, who owns it and who should have access to it.

Cloud storage is often a good thing. Certain information within an organization is less sensitive than others, and therefore doesn’t need to be kept under lock and key. For example, the company holiday schedule or the Sales Team’s contact information could be seen by outside parties and would not cause any harm. In fact, your organization may already have this information displayed on your website.

However, certain records, such as financial records, employee personally identifiable information (PII) and sensitive client information, need to be kept out of reach of bad actors. By clearly identifying all of the different types of data you hold, you can make decisions on what needs to be secured, what can be shared on the cloud and everything in between. Segmenting databases by confidentiality and associated access levels helps you better safeguard your entire network from a data breach. This also allows for the convenience of sharing certain information, while still protecting the secured records.

Data management policies and procedures are essential to the security of every organization. If an employee accidentally puts something confidential in the cloud, and there are no written policies that show that the employee did anything wrong, the company is liable. A policy that addresses how each type of data is to be stored better secures records—and serves as a shield to any legal disputes that could result from a breach.

While the right data management policies are crucial, they mean nothing unless they are written down and communicated to your employees. You cannot assume your employees know what they can and cannot share through cloud services such as Google Drive.

How you communicate your policies is important. Employee handbooks are often left unread. It is safe to assume that data management policies can likewise be ignored without a conscious effort from the executive team to emphasize their importance to the entire organization. Data management, policy implementation, and routine employee training are three major components of a sound cyber-security ecosystem that every organization can do at very little cost.

In today’s hyper-connected world, every organization is just one data breach away from being a leading story on the news and social media, which can severely damage its reputation and brand. How can you protect your organization’s sensitive data? Download our one-page guide, “The Best Practices to Protect Your Organization’s Sensitive Data.”

Work With Us Learn How