There has been a rising level of comfort in the business use of cloud based services and industry professional Pravin Kothari wrote on The Guardian that there are still concerns about security and privacy. Especially in industries such as banking, government and finance, there are worries that cloud computing solutions may not be up to snuff for holding sensitive data.

"Though the risks – from malicious hacks to insider threats – can seem high, a holistic approach to cloud information protection can help companies reduce the risks of adopting the cloud," Kothari wrote. "First is the discovery stage. Before you can protect information in the cloud, you need to know where it is and who has access to it."

Businesses need to ensure they can monitor access to their information in the cloud, understand how regulations may affect where data is stored and know where the provider's data centers are located. Before working with any given provider, organizations must be sure they are comfortable with the location and how information can be accessed.

After figuring out which provider to work with, Kothari said the company needs to figure out which tools it will have in place to better handle cloud security. With options such as encryption, data loss prevention and malware detection, there is surely no shortage of what can be used, but it is up to each company to do its own diligence in deciding which safeguards to implement. By embracing the cloud and keeping security in mind, Kothari wrote that businesses will safely be able to extend their cloud {digital?} perimeter and still be able to fall in line with privacy rules.

Peter Wood, a network security writer for Computer Weekly, spoke with Robert Richardson, director of the Computer Security Institute, who said organizations need to know where data is, prove that it is being protected and figure out if anyone will be able to access it. While much of this burden is on the cloud based services provider, organizations are not relieved of their own duty to protect sensitive information through good governance and policies.

"You must also ask for proof of their staff vetting and management processes, as well as their technical infrastructure," he wrote. "They must be able to assure you of their data security controls, such as encryption of data, both in transit and at rest."