Despite a continuously expanding trend for deploying all manner of applications, functions and features in the cloud that has been building for almost a decade and shows no sign of slowing, people still express concern about data security. Put simply, there is no more risk to having your information in the cloud than having on a hard disk or server on your own premises. However, the risks are different and there are some understandable concerns about security that stem from the nature of cloud computing. All this means is that before committing sensitive data – such as information about customers, employees or your finances – to the cloud, you should carry out a little due diligence and ask the right questions.
First of all, ask your cloud provider about the security aspects of their data storage. They should be happy to answer questions about:
Look for a current ISO27001 or SSAE 16 certification, both of which indicate meeting international standards that include data security. (Note: the SSAE 16 superseded the old SAS 70 Type II audits.)
It’s more the lack of this type of questioning which is causing the concern over cloud security than any holes in the cloud model itself. Professional services firm Ernst & Young carry out an annual information security survey and in a recent report, they found that users are so keen for convenient (and cheap) cloud solutions that security considerations are being ignored; the questions are not being asked.
Many industry experts actually see cloud storage as a more secure option than the average corporate or enterprise data center and that the risks come not from the storage but from the transmission of the data via the internet – in the same way that your mail box may be secure but occasionally a letter may go missing in transit. The issue is the journey taken by the data between your screen and the storage center. After all, your cloud software provider might have the application installed on another provider’s platform as a service (PaaS) which in turn could be renting infrastructure as a service (IaaS) from a third provider. Finally, the IaaS provider might be one of many sharing the same data center.
Whether you choose to venture into the cloud or not, data security should be on your agenda and there are preventive measures you can take that will protect your information, including.
Putting data into the cloud is fast becoming standard business practice and should cause few worries so long as you do a little checking first to reassure yourself. Let’s face it, if cloud data security was really a problem the whole setup would have been discredited long since. The fact that its growth appears unstoppable should tell you what you need to know.