For enterprise businesses migrating to third-party computing, the forecast is cloudy with a 63% chance of a data breach.1
While migrating to the cloud provides a number of significant benefits including the ability to off-load network maintenance, data storage, and security, it still carries the vulnerabilities of any third party with access to your data. As many as 63% of all data breaches have been linked to third-party suppliers and contractors, like cloud providers.
Prevent. Mitigate. Transfer.
While the risk of granting access to your data is great, most enterprise businesses - as many as 70% - are still migrating to the cloud.2 If you’re one of them, you’ll want to consider the following cloud migration best practices.
- View cloud migration as a business – not an IT – issue. Because the potential ramifications of a data breach are great, i.e. sinking shareholder prices, reputational harm, business interruption, notification of breached individuals and more, moving to the cloud is a C-suite decision that shouldn’t be deferred to the IT department. Consider all the pros and cons – just like any other business decision.
- Know that your liability still remains in-house. While cloud service providers do have security firewalls on their cloud, they are not providing you with indemnification for their own errors and omissions. This is true even if you’re using Apple, Microsoft or Google as your cloud provider. When indemnification is written into your contract, know the monetary amount will be capped - usually to the cost of the contract. This amount won’t be enough to cover the expenses you’ll incur with a data breach.
- Negotiate the right cloud service contract. When negotiating with your cloud service provider, bargain for the greatest indemnification privileges they’ll agree to in order to shift as much of the liability away from your business as possible.
- Transfer your risk to cyber coverage. For the risks, your cloud service provider won’t assume, purchase your own, stand-alone cyber insurance policy. Because there is no standard or form cyber policy, each one must be negotiated individually based on your business’ unique risks and cloud use. A cyber policy will cover: a privacy attorney, legal fines, a forensic investigator to determine breach location, costs to restore your data and recreate data assets that were stolen or corrupted, notification of victims and most importantly, business interruption coverage.
Contact your HUB Cyber Insurance specialist for more information about how you can safeguard your data when migrating to the cloud.
1https://www.inc.com/adam-levin/want-to-avoid-a-data-breach-start-by-taking-a-close-look-at-your-vendors.html
2https://www.techrepublic.com/article/69-of-enterprises-moving-business-critical-applications-to-the-cloud/