How do you keep something secure if you can’t see it? It seems harder to trust the cloud because it’s not like a physical server that you can touch or lock in a closet in your office hallway. The cloud is, however, just as real as your own server, and just because it’s less visible doesn’t mean you have to take its security on faith. When you take your operations to the cloud, your cloud services provider should be able to answer all you need to know on these security points.
How’s the service?
To protect your data, a cloud provider uses reliable servers and a backup system. One of these systems is a failover where a secondary server takes over if the storm of the decade hits the primary server, a strong wind knocks down a power line or the server is simply down for maintenance. The redundancy ensures that uptime is at its best, so the service, and your data, will be consistently available to you.
Companies will also back up their data at different intervals. A synchronised backup will replicate your changes automatically as you make them, but other systems may only back up every 24 hours. Figuring out how much data you can afford to lose will tell you how often you need your information backed up.
It’s all in writing, or should be
A service level agreement (SLA) should list a number of promises from your cloud provider. Beyond performance and backup procedure, a company’s terms can also tell you who will have access to the data and notification procedures for lost or unsecured data.
Cyber criminals look for weaknesses. Transferring information across the internet, back and forth from your cloud provider, exposes you to such a weakness. For that reason, you need to ensure that your provider encrypts all information exchanges between their system and yours using the same kind of SSL encryption used by banks and credit card companies.
A third party audit also keeps a cloud-computing provider accountable. You can ask if the company has undergone an audit to verify their procedures. Or, get a second opinion from a consultant or a current or past customer.
The ownership clause
As a business, keeping ownership of your data is important. You value the work that has gone into generating that information. Some companies specify in their policies that they can use your data for their own purposes. If a company does use or disclose your information for reasons such as marketing or improving their services, their privacy information should clearly lay out the scenarios that would allow this. The policy should also explain which uses you can opt out of and how to do so.
The law on your side
You have the right to take your data with you if you leave a cloud provider, know what information they have about you at any given time, have that information updated if it is outdated, and have any of your information deleted at any time. And those same laws protect your customers too.
In terms of data handling, you need to know where your data is stored, how it is deleted and who has access to it, to ensure you comply with your industry and regional regulations. It may vary depending on where you live, but you need to consider if your cloud provider’s servers are on-shore, or within certain bureaucratic borders, such as the EU.
The cloud extends to your computer
A cloud app can’t protect your data from malware or leaks on your computers. If your laptop is stolen and it isn’t password protected and encrypted, if you use an easily-cracked password or if you have malware on your computer, your data is at risk. Here are some basic steps you should take to keep your systems secure:
- Ensure that all your computers are kept up to date with the latest patches and updates
- Use a strong password with a combination of letters, numbers and punctuation symbols
- Encrypt your laptops and make sure that they are protected with strong passwords
- Get anti-malware software from a reputable vendor and keep it up to date
Security is still in your hands
Ask questions and set your own standards for what you will agree to in the terms and policies. It’s ok to be a little wary in the unfamiliar territory of the cloud, but when you ask the right questions, you’ll find out just how safe the cloud can be.