Skip to content

Knowledge Byte: Major Data Protection Considerations in the Cloud


Cloud Credential Council (CCC)


One of the most challenging aspects of moving to cloud deployment is transferring data from your local (on-premises) environment into the cloud.

While there are many criteria to consider when deciding how to implement and leverage file transfer activities within your organization, there are really a few simple areas to focus on:

● Choose a secure protocol such as:

○ SSH File Transfer Protocol (Secure File Transfer Protocol or SFTP)

○ Transport Layer Security (TLS)

○ Secure Sockets Layer (SSL)

● Implement data protection

● Utilize effective encryption technology

● Maximize access controls

● Leverage auditing and reporting functionality

● Adhere to corporate and industry compliance policies

Loss of Control on Data

The biggest risk in expanding existing storage into a public or multi-tenant cloud is a loss of control or perceived loss of control. A minimal outline that an organization should follow for security regulated data in the cloud is given below.

Data Classification

  • Policy: Classify all data according to its sensitivity, for example, regulated, commercial, or collaborative data, to ensure secure and compliant handling.
    • Process: Digitally tag or watermark all data according to the defined categories, regulated, commercial, or collaborative prior to transmission, storing, and using within cloud service.

Data Protection

  • Policy: Protect all data according to its classification level to prevent misuse or abuse of the data.
    • Process:
      • Define data usage contexts and flows based on known business processes and between systems.
      • Regulated and commercial: Encrypt all data at transfer, if required, by regulation encrypt or create defined security groups.

Data Residency

  • Policy: Define the data, residing within cloud contracts (for example, click-through or enterprise agreements) based on geographic boundaries in accordance with the subscribers’ international and local data privacy laws.
    • Process: Define corporate binding rules to restrict data transfer and exchange between systems, sites, and partners per country and regional regulation restrictions.

Data Protection Issues in the Cloud

Some of the prominent issues that are common in relation to data transfer in the cloud are:

Issue 1: The majority of organizations do not have a mature data classification policy, process, or user education schemes for internal use of data.

Issue 2: Most organizations do not have a clean single source of truth for what is their authorized source for data (structured or unstructured).

Issue 3: Moving to the cloud without a data classification policy will only amplify the shortcomings of any data classification policy, process, or procedure.

Courses to help you get
results with

Sorry, we couldn't find any posts. Please try a different search.

Never miss an interesting article

Get our latest news, tutorials, guides, tips & deals delivered to your inbox.

Please enter your name.
Please enter a valid email address.
Please check the required field.
Something went wrong. Please check your entries and try again.

Keep learning


Is Digital Transformation Transforming?

Is Digital Transformation Transforming? 52% believe that, within the next three years, some part of their organization will have fundamentally changed the way it operates...

Pros and cons of working from home: how can we boost productivity?

The COVID-19 crisis gave us no choice in the Spring of 2020: it pushed us out of the offices and transformed our homes into working...

Knowledge Byte: Moving Legacy IT to Cloud Computing

The question of how cloud impacts legacy IT is one that is brought up numerous times, yet often gets little to no clarification. The following...
Scroll To Top