As cloud computing becomes the standard for business systems, safeguarding highly confidential client and company information is paramount to your firm’s success. Fortunately, cloud providers have responded to early security concerns, and most cloud solutions offer data security second to none. This article shares some considerations, along with a free webcast on the subject!
Ensuring your cloud provider has the high level of security you need to maintain your information integrity is simple if you ask potential cloud service providers the right questions. Recent publications, such as CIO Magazine’s article, “9 Things You Need to Know Before You Store Data on the Cloud,” and Thomson Reuters’ white paper, “Making the Leap to the Cloud: Is My Data Private and Secure,” provide many recommendations to minimize cloud security risks.
What should you look for in a cloud vendor when it comes to data security?
- Tier 4 data centers: according to Thomson Reuters, a provider that offers Tier 4 data centers is a good benchmark. These types of data centers offer built-in redundancies for protecting sensitive data.
- Multiple backup data centers: providers with multiple backup data centers can ensure uninterrupted service in case of infrastructure failure, which can be critical for time-sensitive issues. Additionally, storing data in multiple data centers or regions around the world can help your firm survive local and regional outages, with access to your applications from another location.
- Assurance that the vendor’s employees understand how to protect the client’s data: Thomson Reuters asserts that it’s important that the vendor has a set of procedures in place to maintain your data security.
- A notification system in place in case of security breach: make sure the provider has a protocol in place to inform your company immediately in the event of a security breach. Also determine if your provider has had a security breach in the past, and if so, what measures have been taken to prevent this from happening again in the future.
- Identify your data security support team: request information of the staffing for data security and privacy, along with the training program and procedures.
- Top-level facility security: ask what type of security is in place. Is it a badge-accessed facility with cameras everywhere? Ask for a copy of their security policies? Thomson Reuters also recommends requesting a tour of the cloud vendor’s facilities which can highlight the data center’s physical security capabilities and technology. Be sure data centers are not easily accessible, and that access can only be obtained by authorized agents that are verified using biometric measures such as fingerprints or retina scans.
- Anti-data theft measures in place: confirm that the latest application security such as firewalls, anti-virus detection software, data encryption software and administrative controls are installed to ensure state-of-the-art information protection.
- Third-party security audits: ask the data center for security audit reports performed by third-party consultants.
- Redundant power supplies, internet connections and hardware: confirm that your cloud provider will be able to fully retrieve and access data without interruption.
- Private cloud computing services: these applications should only be accessible to both the cloud computing provider and your company.
How can I access my data?
While a key advantage of using cloud systems and/or software is real-time, 24/7, and remote access, this also presents potential security issues. Limiting access to data is also a concern. To address security concerns, companies often limit access to certain information by employees, as well as support personnel.
Ryan Risley, CTO of Brittenford Systems, a Reston, VA-based cloud solution provider, believes data security issues that are often overlooked are related to internal processes, integration points, and access roles. Risley recommends tight controls on subcontractors, data integration security and user decommissioning. Risley adds, “While data governance has always been a top focus, there is a misconception that an internal network administrator can provide greater security than a cloud solution provider that invests millions in data security.”
Disaster Recovery and Business Continuity
Pete Lamson, senior vice president at storage provider Carbonite, says you should find out how quickly you’ll be able to restore your data if a data loss or disruption occurs. He adds that you should inquire as to what the restore process looks like and what kind of support you can expect if you have any data loss issues.
Aaron Saposnick, Infrastructure solutions consultant, SWC Technology Partners claims that backing up data is easy, but restoring data can be difficult and costly–some vendors charge extra for these services and it’s good to know this information before you sign up for a vendor’s service.
Want to learn more? Register for a FREE webcast sponsored by Brittenford Systems titled, “Security Considerations for Implementing Cloud Applications,” scheduled for October 29, 2014 at 11:00 AM EST.