If company Trade Inc setups cloud email and cloud server and also uses mobiles and business broadband, if the owner of the competing company let's say RougeTrade Inc. has friends in UK police, he may get to know what Trade Inc is doing for example:
- Log of his company broadband
- Metadata of calls and texts from his mobile
- Access data and databases stored in cloud
And that's assuming Trade Inc has nothing illegal but values business secrecy a lot because he values his customers and as it's in the trade, the competition can be reckless.
My question is what is the estimated and realistic risk of RougeTrade Inc getting onto the police data? I think that would be the factor of basically having:
- Official permission to access this data, so no random person from govt can access it whenever he wants
- Audited access who and what and when, so no access can be made without being logged
- Protection against rouge suggestion or reason to access this data by the police, which is basically court order
And also there's problem with these two:
- Surveillance data
- Cloud data
And also assuming that Rouge Inc could be:
- Privately owned company
- State owned company
I am asking because I am planning a setup for the customer who is not sure whatever he should have Cloud on his own including Email (he has mail there already and it's working OK) or should he move to business Gmail and Public Cloud.
The Trade Inc also processes lot's of confidential documents from customers and collects them into large library. As the security of this data is assured the main problem comes from compromising the cloud itself and basically copying all data with encryption keys.
My fear is that if it's currently small company it may not be taken seriously and there could be several breaches using government agencies as proxies which is not so uncommon after all.