More and more businesses are using cloud services to outsource data handling and storage. The reasons are often to reduce costs or to tap into specialist IT skills and resources that are not available in house. The cloud is particularly attractive to smaller businesses that can’t afford large IT departments or infrastructure.
Choosing a cloud provider can be tricky however and for one very good reason. Security.
Once you start giving a third party responsibility for processing your own data you need to be absolutely sure that it will keep that data secure, whether it is customer data or any other sensitive information. And the reason is that while the cloud provider may be the processor of the data, you will remain the data controller and all that implies.
In the eyes of the Information Commissioner’s Office (and other regulatory bodies) the controller is responsible for safe custody of data. Which means you take the hit if that data is lost through a cyber attack or hack on the cloud provider.
And the hit can be bigger than you think. Data compliance isn’t just aimed at the big corporations. Smaller companies are expected to be equally robust, and may be subject to the same level of fines if found negligent.
So how do you avoid getting into hot water in the cloud?
The first step is, and I can’t emphasise this enough, do your homework. There are many cloud providers out there, some good, some bad. Due diligence is everything.
The way to find a good one is to research thoroughly. Look at their track record, who their customers are, how long have they been in business, what’s the feedback?
Then quiz them on security. Just what kind of measures do they have in place to prevent a breach. If need be hire a security consultant to do the research for you. It might be the best few grand you’ve ever spent.
Once you’ve found your cloud provider the next step is to nail down a watertight service level agreement that details exactly what you get for your money.
You need to consider such matters as access to data from your end, access for your own IT people and what level of support the cloud provider gives. Do they have 24/7 cover? What happens if servers fail or indeed, if there is a breach. Do they have insurance?
Don’t be put off by smaller cloud providers, the big names aren’t always the best. Its experience and track record that counts and you can find this out by asking the right questions.
Finally, don’t put all your eggs in one basket. Many smaller businesses outsource just some of their data processing, even keeping the most sensitive data in house until they feel ready to fully trust the provider. See it as a trial run.
If you are still worried about storing data in the cloud then a consideration is to split your cloud storage provider and the security of the data. There are a growing number of companies who are providing Secure Managed Services where they provide all the data security which needs to be applied to the data, rendering the content unreadable by the cloud storage provider, so all they do is store the data for you.
Although The Managed Security Service provider knows the keys to the data they have no access to the logon credentials, hence, they can’t access the data. This means that only the data owner, who has both the security key and the logon credentials, has full access to the data. This process decouples data storage and security leaving you in total control.
Cloud services can be hugely beneficial to growing businesses. Approach them in the right way and you are much more likely to get those benefits, and stay secure.
Colin Tankard is Managing Director of data security company Digital Pathways who are specialists in the design, implementation and management of systems that ensure the security of all data whether at rest within the network, mobile device, in storage or data in transit across public or private networks.
Image: Cloud computing via Shutterstock