Cloud computing is regularly the subject of discussions surrounding security. Many companies are reluctant to put their data on third-party systems for fear that it will be compromised. For this reason, it is common for businesses to choose a cloud provider based on the level of protection that they offer. If you are thinking about migrating to the cloud, then this analysis of how to choose the right service from a security point of view may prove to be helpful.
The first question to ask any cloud provider is how they manage access to the data which they store for their clients. Sensitive information is often the lifeblood of a business. Without being able to control physical and logical access to it, as you would do working in-house, it is reasonable to check the personnel policies of a cloud provider. Knowing that appropriately qualified people with unblemished backgrounds are going to be overseeing the administration of access to your data will go a long way to convincing you that a provider is serious about security.
In a study by Gartner, it was argued that a key sign of a good cloud provider is that it adheres to regulations and, more importantly, opens itself up for external auditing. Businesses should be wary of providers that sidestep opportunities to prove that they uphold the standards of their industry, as non-compliance can be a clear sign of poor practices.
Although the location of data in the cloud is a partially abstract matter, providers still need to use physical servers to store information. As a result of this, it is often possible to negotiate so that your data is stored on servers located within a specific area to take advantage of the legislation and privileges of protection which this grants. If your information is stored in the cloud on servers outside of your national borders, then problems could arise further down the road. Transparency in this area is essential.
The encryption of data in the cloud is a double-edged sword. On the one hand, you want to be sure that your data is property protected against illicit access, but on the other you want to make sure that the encryption process is not going to leave you with corrupted, inaccessible information. The segregation and encryption of data needs to be handled by those with experience in the field, according to Gartner, so it is useful to ask a provider for evidence of this before committing to a deal.
Recovering information after a disaster to ensure continuity of your business is made easier with the cloud, but it is vital to ask your provider about its own provisions for recovery. If all of your data is only stored in one location, not backed up across a number of sites, then you are just as vulnerable as you are with a single, in-house backup solution. Finding out about disaster planning and how long a cloud provider will take to get back up to full speed will make it easier to choose between rival companies.
Of course, the added complexity of the cloud as a result of its geographically disparate and yet interlinked systems can make it more difficult to trace any illegal activity. Using a provider that will be able to investigate any potential wrongdoing and, ideally, make a contractual commitment to supporting you in this area will stand you in good stead.
The final security risk comes in the form of your data’s integrity in the long term. If for some reason your cloud provider ceases trading or is acquired by another company, then you will want to know that you can recoup all of your information in a usable format so that it can be retained in-house in an accessible manner until a replacement is found.
This article was written by Daisy Group plc, who provide business communication and hosting solutions including managed hosting, cloud computing and Colocation to business customers across the UK. Our 3 UK Data Centres in Manchester, London and Southampton provide 24/7 support 365 making Daisy the natural choice for business hosting solutions.