Data security persists as one of cloud consumers’ biggest worries. It’s an issue deserving of attention since the mishandling, loss or abuse of data can ruin a company.
Cloud data storage can be not only safe or safer than on-premise storage. It can be more cost effective as well. It all depends on the provider. Once you have clearly defined data security policies and practices, then you are ready to look for an outsourcing partner.
Building a data center to serve the many as opposed to one has inherent cost efficiencies. The more complex and demanding the data protection requirements, the more that savings can accrue from outsourcing versus provisioning and maintaining data in your own infrastructure.
Regulatory compliance – HIPAA/HITECH or PCI DSS, for example – is a big concern. Having a data storage service provider that invests time and resources to be audited for various regulatory requirements means you don’t have to, saving potentially tens of thousands of dollars each year.
Things to look for in a trustworthy data storage provider include:
- Credentials and experience to handle and manage data according to data governance and regulatory compliance requirements
- Mission-critical IT infrastructure with fully redundant networks and systems that are first-rate and rigorously maintained
- Demonstrable logical and physical security policies and practices
- Technical expertise and staffing that are second to none
At Peak 10, our systems are audit-ready for customers who need assistance in meeting the requirements of many certifications and regulatory demands. Unlike off-the-shelf cloud solutions, we tailor ours to meet customers’ specific topology and service-level needs.
Even though it’s not required, Peak 10’s network of strategically located data centers are SSAE 16 audited and will continue to be as the AICPA updates SOC certification requirements. We provide the SSAE 16 services auditor with a written assertion that our system description accurately represents our organizational “system.” The description consists of the services we provide and all operational activities that affect our customers. In addition, we must also assert that the description honestly describes our control objectives and the time period in which they are meant to be evaluated. In other words, we walk the walk and talk the talk.
It’s not that the cloud is incapable of securely and cost effectively handling critical data but, rather, that many cloud service providers are.