Securing the daisy chain

Contracts aren't fail-safe. Here's how to guard your data as it travels among cloud providers and their subcontractors.

It's 2 p.m. Do you know where your cloud data is? Really?

Executives at one large Fortune 500 company thought they knew, but a routine audit of the cloud provider uncovered a serious problem.

"The cloud provider that we thought we had became merely a shell, and it outsourced the provision of the service to an offshore company that no one had even heard of and that the company would never have provided data to," recalls Brad Peterson, counsel for the company and a partner in the Chicago office of Mayer Brown LLC.

Fortunately, the problem was discovered and there was no harm done, but there might have been serious consequences if it hadn't been addressed. "We deal with companies with hundreds of thousands of customers. If a data breach can cost $400 to $500 per customer record and you lose 100,000 records, you've got a huge exposure," says Peterson.

With some cloud computing providers outsourcing underlying parts of their services to subcontractors, who may in turn outsource to others, do you really know who has your company's data or how secure it is? Industry insiders offer advice on how to ensure that every company in that daisy chain is protecting your information.

Security Haves and Have Nots

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon