The cloud is still the safest place to be for small-to-medium businesses
Cloud security has been a hot topic in the news lately. While most of the hacks reported in the press have affected consumers and popular free services, there’s no question that some businesses will be concerned, in the light of all these negative reports, about just how safe their off-site data actually is. It’s one thing for an individual like Mat Honan to lose his digital identity, but if a business loses the data it has stored in the cloud (or worse still, if it should fall into the wrong hands), that can have truly catastrophic consequences, both in terms of monetary loss and damage to reputation.
The perceived risk of cloud storage might have some small-and-medium businesses rethinking their strategy and looking to return to the old days of just backing up locally. But doing so could actually put company data at far greater risk. If the firm’s servers fail as a result of a cyberattack or a natural disaster, it’s going to be much harder to effect a speedy recovery.
While handling data management in-house might seem like a possible cash-saving solution, it can actually work out to be far more expensive in the long run. For starters, there are the wages of the on-site staff that will need to be employed to ensure the smooth running of everything, including keeping on top of the security standards and regulations. Giving the task to an existing employee, in addition to their day-to-day duties, will just increase the risk of important updates not being applied in a timely fashion. It’s a worrying fact, according to Verizon’s 2012 Data Breach Investigations Report (DBIR), that 96 percent of hacked businesses surveyed were not compliant with the Payment Card Industry Data Security Standard (PCI DSS) when they were attacked, and 92 percent of all breaches were identified by third parties, typically weeks or even months after the event.
The truth is, despite the recent scare stories, dedicated cloud storage still offers the best solution for most businesses. Cloud providers are typically less attractive to hackers because they invest far more in security than the average SMB could ever afford. They’ll also offer physical security at their storage sites, to prevent someone breaking in and making off with the data the old-fashioned way (according to Verizon’s DBIR, 10 percent of all recorded breaches were down to a lack of physical security).
Of course, it’s important for businesses to identify the right provider for their needs, and you really do get what you pay for when it comes to cloud storage. Choose a cheap solution from someone without a proven track record, and there’s the risk they might not be up to the task (or worse still could go bust). If you have a company that’s considering moving its data to the cloud, Verizon Business, which offers a suite of cost-effective enterprise-class cloud services, suggests asking the following questions of any potential provider before giving them your business:
- Do they have tight physical security, such as 24x7 human guards and biometric screening, to positively identify visitors, as well as video cameras for facility monitoring?
- Where will your data be stored? Will your provider use its own secure facility or farm out processing and storage functions to a third party?
- Can they verify that all software patches, anti-virus signatures, anti-malware, and security policies are up to date and applied consistently?
- Do they have cloud-specific firewalls for virtual machines to prevent intrusions?
- What are the company’s backup practices, and do they replicate data and application infrastructure across multiple sites?
- Is a complete restoration possible, and if so, how long will it take?
- Does their data center have uninterruptible power supplies, climate control, and fire prevention and suppression?
- Data in the cloud is typically in a shared environment, resulting in files from multiple companies residing on the same servers. Does the provider offer strong isolation and compartmentalization at every layer of the multi-tenant architecture to protect against unauthorized access?
- Do they offer tested encryption methods for file transfers, support for customer pre-encrypted file storage, and strong authentication?
- Does the provider comply with standards designed to control access by the people who manage your data?
- And finally, if you foresee specialized requirements not met by shared resources, can the provider offer additional protections through dedicated systems and private IP networking options, such as application log monitoring, virtual private networks, and migration strategies and services?
All good questions, and ones that any competent cloud provider should be able to answer with ease. If they can’t, or the answers seem vague or uninformed, walk away. Your company’s data is too valuable to risk.