Information security in the cloud remains a big concern for HR leaders who need to manage employee-related data. Breaches of employee data not only create regulatory problems, but also negatively impact an organization's reputation. Additionally, breaches break the trust between organizations and their employees, who have a justifiable expectation of privacy.
HR leaders should work closely with their CTOs/IT teams to ensure that the advantages of the cloud are optimized, while the risks, especially in the area of employee-related data loss, are managed appropriately.
Benefits of the Cloud
Storing data in the cloud allows your firm to put all its data in one central location that can be accessed easily by all your people, no matter their location.
The cloud can also save an organization money by making IT capacity available as you need it. So instead of investing in more IT infrastructure than you need, the cloud lets you pay for only the capacity that you actually use.
The cloud can also enable your in-house IT team to spend less time maintaining expensive internal infrastructure and systems and more time on strategic functions like planning ahead for future IT needs.
Migrating data to the cloud, however, is not without risk.
Risks of the Cloud
By migrating to the cloud, you can introduce a host of new risks to your data. For example, your account could be hijacked or malfunctioning application programming interfaces could leak information, according to InformationWeek.
The risks associated with data cloud storage can also have serious financial consequences. For example, according to a survey of 350 organizations by IBM and the Ponemon Institute, an information security research firm, the cost of data breaches was over $3.79 million in 2015, a 23 percent increase over the previous two years.
So although storing all your employee-related data in your own in-house infrastructure may be more expensive and time-consuming, it can offer you the assumption that the data is more secure compared to storing that same data on the cloud.
Or does it?
There Will Always Be Some Risk
Making data accessible is both the advantage and (security) disadvantage of the cloud. Yet the risk of data breach remains in both cloud and non-cloud environments. Keeping your employee-related data in-house is no guarantee that an employee or supplier won't compromise your data security, either intentionally or accidentally.
In a 2015 cyber security survey conducted by the Association of Corporate Counsel, a long list of possible risks were outlined — phishing, malware and lost laptop or device, for instance. But the survey concluded that the primary risk to your organization's data comes from the same place as some of the data you're trying to protect: your employees.
The Hybrid Cloud Option
One possible solution that's growing in popularity is the hybrid cloud, which allows organizations to store some of its mission-critical, employee-related data on its own infrastructure while pushing other IT systems to the cloud.
According to Business.com, the hybrid cloud option gives businesses the flexibility to maintain their secure employee-related data on a dedicated in-house server, but still leaves room for the high performance and scalability advantages that come with the cloud. A hybrid cloud solution could support the security of your HCM and compliance systems, as well as offer integration and connectivity to your big data/predictive analytics information
The Way Forward
Migrating to a cloud, and doing it in a way that appropriately protects employee-related data, will require you to work closely with your CTO to understand your current IT capabilities, desired outcomes and future initiatives.
You'll need to decide which systems to keep in-house and which can migrate to the cloud. To properly inform your decision, you should perform the appropriate due diligence, both when selecting your cloud-solution vendor and when integrating data security concerns into the service level agreement (SLA) you negotiate.
Information security in the cloud should be at the forefront of any data migration process and should only increase in importance once that process is complete.
SIGN UP FOR THE SPARK NEWSLETTER