Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Data Integrity Challenges and the Cloud

DZone 's Guide to

Data Integrity Challenges and the Cloud

Moving applications to the cloud comes with some risk, but following ALCOA+ principles and having a relationship with your CSP can reduce them significantly.

· Cloud Zone ·
Free Resource

Data Integrity is not a new concept. It has been around since paper and ink were the only ways of doing business. The requirements for electronic data are equivalent to those for paper data. The FDA Glossary of Computer Systems Software Development Terminology defines data integrity as “The degree to which a collection of data is complete, consistent and accurate.”

To assure data integrity good documentation practices and the ALCOA+ principles apply:

  • (A) Attributable: The data is attributable to the person(s) and /or system(s) that generated it, and include who did what, why, and when.
  • (L) Legible: For electronic data is permanently recorded and always available for review and retrieval.
  • (C) Contemporaneous: The data is electronically recorded and stored at the time it is generated, with time/date stamps so that the sequence of events can be easily followed.
  • (O) Original: The original source data, as well as copied records, is preserved. Copies, including backup/archive copies, must be verified as accurate and true, preserving the content and meaning of the original, with the data traceable to its origins.
  • (A) Accurate: Whether results are recorded electronically, it is essential that they are generated by validated systems.
  • (+) The data must be consistent, all records must be complete, including any metadata (contextual information required to understand the data) and data must be enduring & available. 
Data IntegrityWhether an organization’s electronic data is stored on internal servers or in the cloud, the ALCOA+ data integrity principles apply. The challenges associated with preserving data integrity are many, but specifically, in the world of cloud computing, data integrity is one of the biggest challenges to overcome.

When an organization outsources its data and applications to the cloud, they are handing over control. Will the data be safe and secure, protected from loss or damage and protected from unauthorized access or manipulation?

It is important to remember that the overall security of any cloud-based system is only equal to its weakest component. Can the Cloud Service Provider assure that there are controls to prevent data loss or manipulation? What will happen if there is a data breach/data hacking incident? Where will the data/application be stored? How will the security of interfaces be assured? Will the access to the data be by authorized personnel only with full audit trail availability? Will there be multitenancy in the cloud? Based on this, the vetting of potential Cloud Service Providers needs to be diligent and robust agreements should be implemented to ensure appropriate controls, checks and balances (e.g Validation, Backup, Disaster Recovery, Access Controls, Audit Trails, etc) are in place to assure data confidentiality, data integrity, and data availability. 

A cooperative relationship between the cloud service provider and the organization is key to assuring that data integrity is preserved for any data and/or applications stored in the cloud. Once this relationship is established, maintained and monitored, and appropriate checks and balances are put in place, the data integrity challenges associated with "moving to the cloud" should not be so great after all. In fact, compliance delivered at the cloud level can be hugely instrumental in future-proofing the business models of highly regulated companies – those in life sciences, connected health and many other sectors.

Topics:
cloud ,data integrity ,cloud service provider ,alcoa+ ,cloud security ,data security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}