Back to Blog

Cloud Security Got you Down? 5 Things to Look for in Providers

     

Cloud computing has become the way of the world. Computers, mobile phones, wearable devices, and just about everything tech-related all seem to connect to the cloud now. But, when it comes to some company information, it is important to be careful about what is going into the cloud and who is controlling that cloud. This is especially true for contract management software.

 

Contracts in particular contain a lot of sensitive information. There may be sections that explain intellectual property, some regarding manufacturing or production processes, and of course price terms. A lot of the information contained within a company's contracts could serve as ammunition for its competitors and thus must be safeguarded.

 

So, if you haven't taken the plunge and invested in cloud storage for your contracts or if you have a service that just isn't cutting it, here are five things to consider when selecting a provider:

1. Two-Factor Authentication

If you are going to save your company contracts in an online database, it is key that the service takes several steps to limit access. In general, cloud service providers require users to create a unique username and one password. Although this provides some measure of security, it is a fairly basic protection method and may be compromised. To shield the highly sensitive information often found in contracts, it is wise to utilize a cloud service that takes security a bit further with two-factor authentication. This still involves the creation of a username and password, but it also requires a second form of authentication for each user, often through an SMS text code sent to the user's cell phone,  to impose an additional layer of security.

2. Encryption

In addition to requiring multiple authentication measures to access contract information that is saved in an online repository, it is important to encrypt the information that is saved within the system. A solid cloud provider will employ advanced encryption for the data that it houses and will ensure that this encryption occurs when data is both at rest and in transit. This ensures that contracts cannot be read if they are illicitly intercepted.

3. Secure Data Centers

A lot of people probably don't truly grasp the concept of the cloud because it isn't tangible. Even though data seems to be suspended in air, it has to reside somewhere and that somewhere is usually a server at a data center. As a result, it is imperative that companies invest in a cloud provider that utilizes secure data centers and has received the requisite security certificates attesting to its security standards. Plus, just because the information in the cloud seems indestructible, because it is actually on a physical server somewhere, the cloud provider must confirm that it engages in regular back ups of the data it keeps.

4. Permission-Based Roles

More than likely, a lot of employees will need to access contracts or portions of contracts in order to fulfill their duties and responsibilities. However, a company's cloud-based contract portfolio should not be open to just anyone. A security-oriented cloud provider recognizes that some information stored within a central repository requires user restrictions. Thus, companies should look for a provider that offers permissions-based roles, which allows the administrator of the contract repository to assign unique roles for each user. This ensures that employees only access certain items and diminishes the likelihood of important information inadvertently leaking.

5. Activity Tracking

One of the great things about using cloud computing is that it makes it easier to monitor data. Because contracts tend to contain sensitive information and contractual breaches often carry significant consequences, it is crucial that a company monitors its contracts closely, including who is looking at them and when. A cloud provider should capture this sort of activity via user activity tracking, which will allow the administrator to look at who entered the database, when they entered, and what they did while in there.

New Call-to-action