Almost every leading software and hardware provider is actively promoting their cloud services. Cloud services can offer users greater access, functionality, and reliability, so it is a logical step for most providers to make. For the consumer, however, there are important questions that must be asked to ensure that the data you are uploading into a cloud service is secure.
Most of us are not experts and don’t know what questions we should be asking to ensure that our data is safe and is being stored where we think it is. The following are five questions you need to ask if considering a cloud service provider.
What Sort of Data Assurances Will You Require?
You need to consider more about your security needs than simply approaching cloud security with the idea that you need security. It’s important to assess exactly what the impact of a data breach would have on your business, clients/customers, and any of your partnerships. Establishing this will provide you with a guide on what to demand of a provider. Issues of protection levels, availability, and confidentiality should be stipulated very clearly in a written contract with a service level agreement.
Are The Providers Transparent?
You need to ensure that the provider of the cloud service offers transparency, but at the same time you need to ensure that they’re not too transparent. Your provider isn’t likely to give you a tour of their data centre, nor will they just hand over firewall configurations, but you also don’t want a provider who is being that open with access. After all, if they’re giving you that level of access, who else are they providing it to?
Your cloud service proviser should be able to confidently inform you of encyption methodologies used, provide information on ‘penetration testing’, and share third-party reports on the security of their service
Do They Have an Obvious Commitment To Security?
If your cloud service provider openly talks about the security of their data, it is a sign that they’re not hiding or running away from the subject. That’s a positive sign. But be prepared to ask further questions: Do they have a dedicated security expert? Does the service meet the widely recognised ISO 27001 standard? Which country is your data being stored in?
On that last point, from a security perspective, where data resides isn’t as important as the implemented security technology. However, there is a peace of mind that comes with knowing that the data is being stored in the same country where you live, adhering to a legal framework that is familiar.
If the service provider can immediately provide documentation to you that can comprehensively answer your security concerns, while providing additional information on other security matters, along with third-party audit reports, this speaks well to their commitment to security practice.
How Prepared Are They For Unexpected Disasters?
The level of security a data centre is meaningless in times of a natural disaster. If your cloud provider is using a single location for their data storage, it places your service at the mercy of unexpected events like fires or weather-related disasters. A good example of this was during Hurricane Sandy in New York in 2012 where the large-scale weather event knocked out service to globally recognised websites like The Huffington Post, Gawker, and Buzzfeed.
During that same storm, there is the great story of hosting provider Peer 1 who kept their servers running with diesel-powered generators. Peer 1 host services like Squarespace and Fog Creek, so when the diesel began running out and they couldn’t get a pump to work, Squarespace and Fog Creek staff joined Peer 1 staff in forming a humain chain to get buckets of fuel from a truck on street level up to the floor hosting the generators.
While that makes for a great story, it does highlight the problem with using a single location hosting provider. A major disruption at the physical location of your server has the potential to take your service online, disrupting your customers access.
Enquire about your providers disaster recovery policy. Many providers will likely be reluctant to provide detail on where their servers are located, but they should be able to provide some indication on their disaster strategy.
Are Your Own Passwords Secure?
The most secure cloud service is rendered ineffective if you let down the security by not securing your own passwords to the service. As with your own personal passwords, it is important to use passwords that cannot easily be guessed. Passwords with a combination of letters, numbers, and characters provide stronger security. If using a password that cannot be easily remembered, it is important to make sure it is filed somewhere that cannot be easily accessed or seen. A password stuck to a computer with a post-it note is not a safe approach – with visitors to offices, mobile phones snapping personal photos, and video conferencing regularly taking place.
* * * *
There are a wealth of benefits that can be had by embracing cloud services, but it is important to be smart about who you trust with your data. You want to ensure that your data is safe and that you can access it when you need it.