Whether your credit union is already using the cloud or isplanning to during the next year, data security should be one ofyour main concerns.

After managed security services, handing off your data securityto someone else is paramount for anyone involved in securing acredit union's data.

Many credit unions are moving their email to cloud based hostedsolutions – Google, Microsoft, and many others offerthis. Your workstations will connect to a remote server usingan encrypted channel to download e-mails.

Virtually, you have your own server and your own disks. Butphysically, your data is stored in the same disk with many othercompanies' data and emails.

Some consideration must be given to how this data is protected,and not only from hackers.

Assume you have your own server in house. When the email isstored on that server, it's under your completecontrol. Assume that one of your employees does something thatrequires law enforcement investigation and for that reason you needto hand out your data.

If a law enforcement officer shows up at your doorstep without acourt order, you can (and likely will) decline to hand over anydata. You are not obliged in any way until there is a courtorder.

Assume now that you are hosting that data in the cloud; say youremail is hosted with Google. Do you really think that theywill take care of your data the same way you would? I wouldhope so, but I must be skeptical; after all, why would theyanyway?

Now think of that same data stored on that same disk, sharingspace with another company. Someone at that company isinvestigated and their data needs to be given to theauthorities.

Law enforcement does not take “copies”. They takeoriginals; so they show up and take the disk. So now your datais on a disk that is being used in a legal case against anothercompany you have no ties with whatsoever; it is no longer stored inthe privacy of that data center. You don't even know where itis and who is reading it anymore!

And what if the legal case if coming from another country? Whatif that disk is being handed over to Scotland Yard? Now yourdata is not only on a disk used in a legal case that is not yours;but is not even in the U.S. anymore! And you have no controlat all!

Is this something you should be worried about? It dependson how sensitive that data is, how damaging it would be if it endsup in the wrong hands – be that the competition or thepublic!

The answer can't be the same for every credit union; this is aconsideration each credit union needs to make based on severalparameters, but ultimately the most relevant of all is “whathappens if the data ends up in the wrong hands”?

That question is the general question of security and is thereason why we have security in the first place. Moving yourdata to a hosted solution only adds to the uncertainty surroundingthe security of your data, as it adds another layer of possibleloss.

Pierluigi Stella is chief technology officer atNetwork Box USA in Houston, Texas.