31
Jul

How To Protect The Corporate Email In The Cloud?

Defining a strategy for migration to e-mail requires care. The cloud model used should be in legal compliance with the rules of country of origin of the content.

A matter that should be discussed in detail in the near future is the question of the use of electronic mail in the cloud, the famous cloud. Because this is still a very new issue, there is a specific positioning of the Indian judiciary about the cloud contracts, as well as on the discussion of territoriality.

The use of “cloud solutions” means the application of a model for the provision of software and infrastructure for processing and storing data over a network (internet). The principle of the cloud is virtualization of total and maximum data availability, which is irrelevant to the local access device used. Or is, a principle that defines the juridical model which is still based on physical borders.

Whereas the cloud assumes a world without walls, but despite the global plan, it is still very local – towards the legislation of each country and the very sovereignty of states – there is high concern regarding information security and the possible unavailability of service that prevents access to data as well as violation of specific laws to protect sensitive or confidential data, depending on the type of information and the countries involved (country of the service provider, holder of the contractor’s country information, country of origin of the data individuals or firms).

There is already a range of four models of “Cloud“. The private cloud is owned exclusively by one company, for own use, which holds the control and supports their costs of infrastructure. Already, the public cloud is best known for very low cost and most of the services and web applications are based on it, voice mail, free e-mail to social networks. The cloud community involves a number of companies that meet and come together to share the costs of infrastructure, has been very common in some markets or even group of companies. And the last format, which is the hybrid cloud, makes use of one or more models, differentiating the type of cloud as the degree of security required to be applied to data and legal requirements related to them.

The market

Cloud computing is regarded as the IT solution for the 21st century. According to the study, companies are planning to accelerate the adoption of cloud computing from 10% to 69% of IT spending by 2020 to reduce its energy consumption, reduce carbon emissions and their investments in IT resources, and increase operational efficiency.

Among all Asian countries, India is the leader in the use of cloud computing, according to a study. About 18% of medium and large businesses already use some form of cloud and it is expected that by 2013 the number will jump from 30% to 35%. In addition, a recent survey by Computerworld magazine indicates that the main cloud model has been adopted by companies is private cloud, which is about 60.6%.

However, like all other technological tools, as well as benefits, cloud computing also poses risks and their application should be investigated, especially regarding protection of information and data that will carry over and be stored in a totally external infrastructure. This risk analysis should involve the legal aspect of using the cloud service, since it is necessary to observe laws of the country of origin of the data (not just the company that owns, but also customer) and the countries in which they will be stored or made available.

The e-mail in the Cloud

One of the main reasons to consider e-mail in the cloud is the significant economies of scale obtained with this computational model. Most corporations do not have more than hundreds or thousands of users, while a cloud provider can provide these services to tens of millions of users at the much lower costs – reaching at the limit to zero. Furthermore, due to budgetary constraints, the internal e-mail does not provide large storage capacity to organizations. It is common that one e-internal mail is restricted to 500 MB per user, while one e-mail in the cloud supplies 30 GB. The cost per GB in the cloud is much smaller for economies of scale offered and thus the provider can offer, with minimal cost, greater storage capacity.

However, defining a migration strategy for e-mail in the cloud requires care. In the legal aspect, the cloud model to be used must be in legal compliance with the rules of country of origin of the content (contractor). There are companies who prefer that the data are more easily accessible at the place where they need to meet the demands of authority, supervision and / or audit. There are others that as a matter of risk management of the business prefer the opposite, ie, leave the data in a country other than the country which falls under its legal obligations to prevent the actions of search or other measures even political can easily access company information.

Therefore, the analysis of the territorial issue is relative, depends on how much is the model of corporate governance. Can be either positive or negative have the data in another country, depending on the management strategy adopted by the company. However, one point is indisputable (the protection of data against access by unauthorized third parties). That is, the use of cloud for corporate purpose cannot bring the prerogative or the right to the vendor to also view and use information that is placed on your cloud.

In India, the Federal Constitution and other legal instruments are generic when addressing data privacy and intimacy of citizens and legal entities, being the understanding, the law takes care of specific scope of protection for data that are considered private.

Therefore, one should be very aware of the terms and agreements before joining an e-mail solution in the cloud, especially not to unduly expose classified information, which may be carried forward, unprotected, in the e-mail in the cloud.

The contractor must make sure that the e-mail cloud provider supports their needs and provides assurance and control mechanisms for security, according to the required dynamic cloud environment. Therefore, before adopting the e-mail in the cloud, one must take into account the hidden costs, legal and contractual issues and follow the various recommendations, including security.

Care

For this, the following aspects and best practices should be observed:

  • Define the type of cloud to be used that best meets the aspects of information security (in general, companies have adopted private or hybrid model);
  • Set the territorial limitation of the cloud and countries for greater collaboration in terms of legal matters,  it has restricted the global use of cloud and has avoided the use in countries like China and Iran ;
  • Choose the right solution provider that already meets other clients with similar requirements (usually free services do not meet the security requirements of information required);
  • Develop a contract shielded (to avoid mere translation of drafts in a foreign language, must adhere to the laws of the country of origin of the contents), with detailed and SLA Contingency and Continuity Plan (considering digital blackout scenario);
  • Make use of strong authentication and data encryption;
  • Create an awareness campaign of the teams before the implementation of the solution for guidance on using encryption and other essential care for safe use of cloud;
  • Make permanent monitoring of the cloud and the internet in general for rapid identification of incidents.
ESDS

Leave a Reply