~ What are the vulnerabilities of migrating data to the Cloud during M&A activity? Independent IT and business change professional services firm Xceed Group explains ~
When companies merge, combining IT systems is always a headache for IT departments, but migrating data to the Cloud adds a further level of complexity. In these instances, there are three main issues that must be taken into account.
The first is the risk to data confidentiality. In particular, data categorisations (such as confidential vs. non-confidential or public vs. private) are not always taken into account during the migration process and hence categorisation models, and therefore security, can be broken. This may also introduce legislative compliance issues that exacerbate the problem. Additionally, the use of staging or data translation technology as a middleman for the transfer of data could, at least temporarily, remove all access restrictions to that data. There is therefore a risk that confidential data will become exposed to project teams or externally. Any data ‘leaking’ into the public domain can result in massive reputational damage which will lead to substantial financial implications to an organisation.
As well as confidentiality, companies must also be aware of the risks to data integrity during a migration. For instance, changing storage provider may result in archived or historical records being overlooked and therefore lost. There is again a risk of breaching legislation or standards certifications here. Similarly, data corruption is an issue that does not only occur during the transfer itself. It is possible that flawed data that is recoverable in a company’s current system will not be recoverable in its new post-migration system. In this sense, a migration can amplify existing data integrity problems.
Lastly, legislation around data access and storage differs around the world and it is crucial that companies are alert to the rules that apply in relevant jurisdictions. There is a risk that merging companies will inadvertently move data into a location where the local legislation states that it should not be stored. For instance, European customer data could end up being stored in US datacentres, against the express wishes of some customers. This could cause significant problems if not addressed.
Ultimately, data is an information asset and its value will vary depending on the nature of the data. It is critical that each type of data is risk assessed against a pre-defined threat list that incorporates both the threats during migration and those during on-going hosting. The resulting risk assessment should dictate a mitigation approach. Failing to carry out such diligence is akin to keeping your fingers crossed while crossing the road blindfolded.
We have seen enterprises large and small fall into the above traps. But with the proper preparation and consideration of risks, data migration to the Cloud needn’t add to an IT department’s pain during a merger or acquisition.
– Richard Wiseman is Principal Consultant at Xceed Group