Following your gut instinct, you’d hide your money under the mattress – but it actually makes much more sense to deposit it with a bank and let it earn interest.

Security is similar: Even though you may feel that keeping information in your own systems gives you better control, rationally, it’s the opposite: In the cloud, critical business information is drastically safer – the costs of adequately securing critical data yourself are now far too high. This is especially true in terms of a timely and appropriate response to vulnerabilities and potential attacks.

Infobox_Cloud_09_Links

Evaluate carefully to whom you entrust your critical information. One essential criterion is "size": The bigger IT service providers are, the greater their success depends on a positive image and the more closely they are monitored – security flaws would be immediately punished in the market. Another criterion is "spread": If certain companies already have access to your data, it doesn’t make sense to share these data (except for a backup) with additional enterprises.

Podcast Episode 9 Cloud (only available in German)

Good, trustworthy cloud providers also advertise using relevant certifications and evidence (for instance, cloud security certificates for employees, an ISO 27001 certificate applied with ISO 27017 for cloud services, or an ITIL certificate). Also, check the data protection compliance of the service.

What you still need to do: The user and permissions management for data access will usually not be handled by the cloud provider. Ensure that you always know who has access to what and adjust permissions as needed on a regular basis.

Infobox_Cloud_09_Toptips