Monday, November 18, 2013

Here's how you can protect your company against data loss, international subpoenas, and cyber crime.

1. Make sure it's clear in your contract that you own your own data. It may seem obvious, but your contract needs to have a clause in it that says you will still have the ability to access your data and transfer it if your cloud provider goes bankrupt. Also, ask for a notice provision which stipulates that your cloud provider must give you a seven-day warning before they declare bankruptcy so that you have ample time to get your data off their servers. And figure out the successor liability—you need to know what happens if your provider is bought out by another company.
2. Your service agreement needs to stipulate how your cloud provider will respond to a subpoena. It should be written into your contract what your service provider will do if they're slapped with a subpoena or a civil discovery request. Under the Stored Communications Act, as the data owner--which you should be if you followed step one--you legally must be notified any time your data is subpoenaed, but have it in writing with your provider just for good measure. This will give you the 10-14 days you need to file a response in court if need be. Some cloud owners, such as Facebook, have a policy of hardly ever disclosing personal information. Check what your potential provider's blanket policy is before you cut them a check.
3. Your provider needs to make backups of your data and guarantee uptime. Write into the contract how often your provider needs to make backups of your data and where those backups are stored. It doesn't do you any good if the backup is on the same server chain in the same warehouse that your primary cloud is stored on. If your provider loses your data, they may be liable for damages, but it doesn't matter: your data is still gone and never coming back. Also, ask your provider to give you guarantees on when your cloud will be available; nothing's worse than having to send everyone home early for the day because the server your cloud is stored on is down for maintenance.
4. Ask for Cyber Risk insurance and look into SSAE16 and SOC2 certification. Not all providers will offer it to you, but ask what their options are with regard to Cyber Risk insurance. It can protect against damages incurred from the inadvertent disclosure and theft of confidential employee or client information. If your cloud provider doesn't have the option for you to opt into it, you can contract your own. SSAE16 and SOC2 are international standards that determine the security, availability, process integrity, privacy, and confidentiality of a data server. It's sort of like an audit and a must-have for service-based businesses.

by Samuel Wagreich, INC. Magazine
