Silka Gonzalez CEO Enterprise Risk Management

Businesses large and small have embraced the convenience of Cloud computing as a way to save money and improve efficiencies.   But what is the real cost of such “savings”?   According to Enterprise Risk Management CEO Silka Gonzalez, “Not all cloud computing services are created equal.” 

Miami-based Enterprise Risk Management, an IT and security consulting firm has this advice,  “Know who you are working with and do your due diligence before you migrate your data to the Cloud.”   

“Larger Cloud providers should have the resources to provide strong IT security around the technology, right down to their own employees,” explained Gonzalez. “Smaller providers may not be able to offer the same level of comprehensive risk management.” In addition, most Cloud service provider agreements specify that the organization itself is still responsible for their own internal IT security.

Gonzalez recommends you start with these baseline questions and then ask more:

• Who has access to your confidential corporate information?  
• Where does the data reside?  
• How will the Cloud impact E-Discovery?
• What happens if you need to migrate your data to a new provider?  
• How would a security breach be handled?  
• What about liability, intellectual property and data jurisdiction?
• Does the Cloud provider  meet all regulatory compliance standards?

The Florida Bar Professional Ethics Committee recently joined other states in publishing a  proposed Advisory specifically related to Cloud computing and the ethical obligation of lawyers to understand the technology they are using and how it potentially affects client data confidentiality.

Ms. Gonzalez concluded by recommending that companies bring in someone who specializes in IT security, understands Cloud computing, is familiar with IT service provider agreements, and is up to date on regulatory compliance.  “It’s a lot cheaper to do your extra due diligence up front than to try to fix the problem after it occurs.”

Enterprise Risk Management, Inc. (ERM) is cyber-security and IT assurance services firm. ERM offers the full range of services  to help organizations meet the continually changing and complex demands of cyber security.