The terms of a cloud provider’s service-level agreement (SLA) normally states that the provider accepts no liability for data breaches. This is understandable from their perspective because the cost and effort to manage and track everyone involved in the hosting and use of the servers would be incredibly challenging. The bottom line is, when there is a data security breach, the cloud provider is not at risk but your company is.
Many regulations and laws, such as HIPAA, require that access to private data be limited to the minimum number of necessary data fields required for a specific purpose. This level of granular detail is not a function of the cloud, but instead a function of the cloud-based application. Many such applications, particularly if they were originally designed for more general-purpose use, are not capable of meeting such compliance needs.
Moving data between secure systems and data bases can create points of greater risk or exposure. Standardization can help solve this problem, but we find that a large number of of system interfaces are still custom-built and often lack security that is as robust as the applications themselves.
Follow Wilson Technology Group on LinkedIn, Facebook, and Twitter.