Cloud Computing Safety
– Debbie Fletcher, Guest Writer for CloudPOST, says:
“Smart customers will ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor” – Analyst firm Gartner
Despite its many practical and cost-saving applications for both large and small-medium organisations, and industry-wide opinion that it has the potential to completely transform the way businesses operate in the future, Cloud computing still has its critics. Most doubters point towards security issues of company-confidential data as their prime concern.
Worries about safety can be nullified to a large extent by using an experienced professional provider with a history of resilient protection such as mclarensoftware.com which employs large teams focused on exactly this issue. This means that data can actually be more secure in the Cloud than it might be on an organisation’s private server, which can be vulnerable due to understaffing, underfunding or unawareness of the various threats out there. It’s also possible to use a hybrid solution, allowing companies to choose which data they place in the Cloud and which they keep in-house.
Here are some of the key issues surrounding data security that any company approaching Cloud storage for the first time needs to be aware of:
Since data can be hacked en-route from in-house servers to storage, it is vital to ensure that anything being transferred is encrypted all the way. Many Cloud storage services operate through a web browser, so companies should check for https in the address bar rather than just http.
Who are the administrators at the provider that oversee the data being stored? What levels of access do they have, and what procedures are in place to prevent against misuse?
Are the provider’s facilities and procedures subjected to regular official scrutiny by auditors, and are these reports available to clients?
What country or countries are the Cloud provider’s servers based in? Do these countries have laws in place that might allow them access to company data, and what does the provider do in order to comply? Some governments may have an interest in examining sensitive corporate data for competitive advantage, so large businesses in certain industries need to be particularly aware of this risk.
When documents or images are deleted, is recovery possible within a certain time period if this is done in error? Also, if deletion is intended, do these files completely disappear from the provider’s servers?
Although Cloud storage is a safeguard against events that may destroy important company data, such as flooding or fire damaging servers, it should be noted that the exact same risks affect the provider. What disaster recovery plans do they have in place for this kind of situation should it occur, such as duplicating storage facilities in separate locations? Physical security is just as important as solid network security when it comes to the Cloud.
The stability of some Cloud providers can be called into question, especially newer, smaller outfits that may have jumped into a rapidly-increasing market in search of easy profits at the expense of proper preparation. Clients can protect themselves by using larger, established players, but should always check what happens to their data in the event that their provider goes out of business suddenly.