Chances are good that your data is safer in cloud-based storage than inside your own company. The more challenging aspects can be getting data safely to the cloud in the first place and safely retrieving it when you want it.
Threats to data are much the same regardless of where the data reside. In addition to malicious software and unauthorized access, environmental threats and technical failures can result in compromised or lost data. A reputable data storage provider is likely to have better security and best-practice maintenance procedures against all these threat vectors. Confirming that it does is key to ensuring your data will be safe.
Before doing that, however, here are a few things to consider about data security in the cloud.
- Inventory your data and classify its relative importance to your organization. Is it subject to government regulation and compliance requirements; does it contain information about employees, customers, or other individuals that could cause harm if stolen; is it intellectual property or strategic information critical to the success of your business? How often will you need to access the data and how fast? Knowing this is the only way to determine if a potential storage provider has the capabilities and credentials to be your partner.
- Review your data access control policies and privileges. The fewer people who have access to your data, the more control you have over it. The same will hold true for the employees of the provider; some access will probably be necessary, but who and how much must be thoroughly explored, explained and agreed to.
- Know how people in your organization actually use the data, and what effect cloud data storage could have on workflows and/or productivity so that those issues can be addressed.
- Data on the move is particularly vulnerable to attack. Apply the strongest encryption you can to in-flight data knowing that, while encryption protects, it can also slow access and retrieval. Also, explore the encryption practices of prospective vendors.
Safe, Safer, Safest: Choosing the Best Vendor
Asking the right questions can help verify that all advertised security measures are truly in place to ensure the safety and security of your information.
A great place to start is with security and compliance audits. SAS 70 or SSAE 16 audits, for example, examine a vendor’s controls and processes to ensure they comply with regulatory standards for securely handling, storing and transmitting data. Having PCI-DSS and HIPAA-compliant data center operations demonstrates true commitment. A successful audit serves as validation of the vendor’s due diligence in protecting its customers’ information security interests. Ask to see the reports and be sure your own concerns are addressed. Find out:
- Where and how is data stored and backed up?
- How do they maintain system availability in the event of a disaster?
- What happens if the data center catches fire?
- How often are backup and recovery plans tested?
In addition to protecting against loss, the vendor must help protect your data from unwanted access. Firewalls, monitoring and intrusion detection systems make it difficult for a hacker to steal information, but they don’t guard against an unauthorized person walking out with backup tapes containing your information. Entry and access controls to their data centers should include limiting and monitoring their own employees’ access to your data. Again, it can’t be stressed enough: inquire about encryption options.
A good vendor will be able to address your questions to your satisfaction. The best vendors will work with you to truly understand your business and your requirements in order to design the most secure, effective data storage solution matched to your needs.