Securing Data in the Cloud

December 19, 2014   //   News

As cloud computing becomes the standard for business systems, safeguarding highly confidential client and company information is paramount to your firm’s success. Fortunately, cloud providers have responded to early security concerns, and most cloud solutions offer data security second to none. This article shares some considerations, along with a free webcast on the subject!

Ensuring your cloud provider has the high level of security you need to maintain your information integrity is simple if you ask potential cloud service providers the right questions. Recent publications, such as CIO Magazine’s article, “9 Things You Need to Know Before You Store Data on the Cloud,” and Thomson Reuters’ white paper, “Making the Leap to the Cloud: Is My Data Private and Secure,” provide many recommendations to minimize cloud security risks.

(snippet – link to full article below)

What should you look for in a cloud vendor when it comes to data security?

  • Tier 4 data centers: According to Thomson Reuters, a provider that offers Tier 4 data centers is a good benchmark. These types of data centers offer built-in redundancies for protecting sensitive data.
  • Multiple backup data centers: Providers with multiple backup data centers can ensure uninterrupted service in case of infrastructure failure, which can be critical for time-sensitive issues. Additionally, storing data in multiple data centers or regions around the world can help your firm survive local and regional outages, with access to your applications from another location.
  • Assurance that the vendor’s employees understand how to protect the client’s data: Thomson Reuters asserts that it’s important that the vendor has a set of procedures in place to maintain your data security.
  • A notification system in place in case of security breach: Make sure the provider has a protocol in place to inform your company immediately in the event of a security breach. Also determine if your provider has had a security breach in the past, and if so, what measures have been taken to prevent this from happening again in the future.
  • Identify your data security support team: Request information of the staffing for data security and privacy, along with the training program and procedures.
  • Top-level facility security: Ask what type of security is in place. Is it a badge-accessed facility with cameras everywhere? Ask for a copy of their security policies? Thomson Reuters also recommends requesting a tour of the cloud vendor’s facilities, which can highlight the data center’s physical security capabilities and technology. Be sure data centers are not easily accessible, and that access can only be obtained by authorized agents that are verified using biometric measures such as fingerprints or retina scans.
  • Anti-data theft measures in place: Confirm that the latest application security such as firewalls, anti-virus detection software, data encryption software and administrative controls are installed to ensure state-of-the-art information protection.
  • Third-party security audits: Ask the data center for security audit reports performed by third-party consultants.
  • Redundant power supplies, internet connections and hardware: Confirm that your cloud provider will be able to fully retrieve and access data without interruption.
  • Private cloud computing services: These applications should only be accessible to both the cloud computing provider and your company.

Disaster Recovery and Business Continuity

Aaron Saposnik, Infrastructure solutions consultant, SWC Technology Partners claims that backing up data is easy, but restoring data can be difficult and costly–some vendors charge extra for these services and it’s good to know this information before you sign up for a vendor’s service.

This article, “Securing Data in a Cloud” originally appeared in Smart CEO’s online publication. (Link no longer available)