Visit our Website  







Cloud Storage – The First Line of Defense is You 







With the rising popularity of cloud storage, and its ever-increasing versatility, it’s no surprise that organizations have jumped on the cloud bandwagon. Whether the move is to optimize capacity, provide 24/7, 365-day access to data, back up essential information, or improve collaboration between users – cloud computing has become a staple of many organizations’ operations.


Security of data is one of the key concerns raised by many when considering whether to move to the cloud. Organizations have to trust the security of their sensitive business data to third-parties, meaning data and privacy settings are beyond their control. Once a decision has been made to utilize the cloud, the next step is to make sure the right processes and tools are implemented to ensure data is moved and controlled in the cloud in a suitable manner associated with its sensitivity.


Jonathan Gossels, President of System Experts, a network security consulting firm specializing in IT security and compliance says, “The best way to secure sensitive data is to do the basics well (like blocking and tackling in football). Understand what is sensitive in your data, set rules for handling it, implement technical controls to ensure it is actually handled properly, and educate your user about their role in keeping it safe.”


The first step in being able to control your data is to understand what is sensitive in your data. Each application that moves to the cloud should be audited to determine what type of data it holds and what sort of protection it requires. With these classifications in place, you can determine what controls need to be put in place to protect and manage that data when it moves to the cloud. Such controls can simply restrict user access rights to certain individuals, set up multiple tiers of access privilege, set encryption, activate “significant change” notifications for things like password changes, or impose document level restrictions on the ability to view, print, download or edit documents.


Lastly, address the human element. Employees need to be acutely aware of the security policies, trained in the proper application of the policies and understand their personal responsibilities and accountabilities for protecting the organizations data – including personal devices (Bring Your Own Device). BYOD has the potential to be a win-win for employees and employers, but also brings significant security risks if it’s not properly managed. Stolen, lost or misused devices can mean that an organizations sensitive data is now in the hands of a third-party who could breach the company’s network.




Additional Resources:












About Us

BCH has a unique approach to advising our clients on how to control their Total Cost of Risk, not simply insurance cost. The Total Cost of Risk (TCOR) includes preventive, direct and indirect costs associated with operating a business. The BCH approach includes collaborating with our clients to create a long range written plan for controlling their TCOR .