According to the report, Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services, states are focused on setting parameters for cloud usage, including putting appropriate controls in place, satisfying requirements for security, establishing use policies, and pinpointing how cloud use impacts open records requests and other legal obligations.
Pennsylvania Chief Information Security Officer Erik Avakian told NASCIO that he discourages agencies from using free cloud storage services due to inherent data security risks.
"Despite definite strides in improving the security of these types of solutions, providers still face security shortcomings and have historically experienced major breaches," Avakian said, adding that data may reside in servers outside of the United States.
"A user's data sits on servers that are shared by many different customers, and this increases the risk of mismanagement, theft or loss of data over in-house managed storage," Avakian noted. In Pennsylvania, agencies are instead encouraged to pursue enterprise storage solutions.
Cloud image from Shutterstock