Many business owners find themselves questioning where data that they send to the “cloud” actually goes — and, more importantly: Is that data secure? Cloud providers have redundancy and security that you don’t get if you leave your data on the server in your office, but it’s still smart to ask some questions about how your data will be protected.
Cloud data is stored on hard drives in servers in data centers around the world. Most large cloud providers have redundant data centers in geographically diverse locations. Data replicates between the redundant servers to ensure continuity in case of a disaster, and systems are designed with an automated failover between workloads.
These data centers are built to house computing workloads that never go down. That means they have multiple backbone fiber Internet lines. They have sophisticated firewalls. They have extreme physical security that frequently includes biometric scanning and a radio frequency ID badge to gain entrance. They have redundant power grid systems and backup generators. They’re frequently built on huge rockers to make them earthquake-proof. They have redundant heating and cooling systems.
People have been using banks to store their money for years. The concept is pretty similar. A bank vault has numerous security systems in place that protect your money from potential threats. It’s a lot safer to keep your money there than stashed under your mattress. The cloud does the same thing for your data. So, yes, cloud data is significantly more secure than data on a server sitting in your office.
With that in mind, there are several questions that business owners can ask that can ensure they are working with top-tier cloud providers that have a security mindset. Here are some questions worth asking a potential cloud vendor:
• Do you encrypt data? Failure to encrypt all data can have serious consequences, especially if you need to be compliant with HIPAA, PCI or another regulatory body. Proper encryption defends your data against threats. Even if the bad guys get in somehow, they won’t be able to use any of the data in the system if it’s properly encrypted.
• What certifications for data protection does your cloud provider hold? An ideal vendor would have completed a SOC 1 audit under SSAE-16 guidelines. They should also invest in regular testing from independent auditors. If they meet these rigorous standards for data protection, they’re likely to be a security-minded cloud partner.
• What levels for data reliability do you guarantee? Data centers typically use nines to describe their service levels, with 99.999 percent uptime as the holy grail of service levels. If you do the math on that, it equates to 26 seconds of downtime in an entire year. You should look for cloud providers that have at least three nines or better guarantees on their service.
• How much control of my data do I have? This is another important question to ask potential cloud providers. Ideally you should be able to retain complete control over your data and at the end of the data’s usefulness there are controls in place to properly archive or destroy this data.
Most cloud providers store large amounts of data for potentially thousands of clients. One of the important questions to ask is how that data is isolated and safeguarded from other clients. Cloud providers use virtualization technologies to make the best use of resources and frequently store data from many clients on the same physical hardware. The content is electronically partitioned from other clients’ data. To make sure that your data is safe, make sure that you ask some good questions about how they use virtualization and segregate data from different clients on the system.
If a potential provider has good answers to all of these questions, you can rest assured that your data is in good hands. Putting it in a bank vault has some serious advantages to hiding it under the mattress. If you have questions about how your data is being stored or secured, or you don’t know how to ask the right questions, consider consulting an IT expert for some professional advice.
Mike Herrington is vice president of sales for i.t.NOW, where he consults with business owners on IT solutions and strategy.