5 Security Questions You Need to Ask a Cloud Provider Before Handing Over the Reins to Your Company

Did you know that as of 2015, 83 percent of all U.S. businesses have data backed up in a public cloud server? Not surprisingly, 63 percent of all businesses are now using private cloud services and pay big money for the supposed increased security they offer. No two cloud providers are the same though. And some are still using antiquated practices when it comes to keeping your data safe and intact.

Make sure you ask the following 5 questions before handing over your data:

How do you encrypt my data?

Perhaps your teenage daughter or son doesn’t care whether the selfies they’re sending to their iCloud account are encrypted. That’s fine for them, and all a parent can do is pray something obscene or provocative involving them doesn’t end up spread all over social media some day.

Businesses definitely need to dig a little deeper into this issue before choosing a cloud provider. Some providers think password protection on your end offers ample security. These types of service providers are lightweights and think encryption is only needed while in transit, which can compromise your and your customers’ data if your account is hacked.

What to look for:

  • Ensure that data is encrypted using “256-bit Advanced Encryption Standard (AES) SSL” while in transit to and from your devices, as well as at rest. This is the only encryption method endorsed by the National Security Agency (NSA).

Who holds the keys and how many are there?

This one’s also about encryption but goes into more detail to ensure your data is NEVER compromised at any time, other than perhaps if you get the attention of a world-class hacker and they decide they want to steal what you’ve got. Who holds the keys to your data on their end, and how many people hold them, should be paramount in the decision-making process. Proper encryption key management comes down to a number of different variables. Nearly all big cloud management companies will have all the bases completely covered on this end.

What to look for:

  • Prefer a company that houses its encryption across multiple data centers so there’s no single point of compromise or failure. Further, ask about their policy on employee access to data. A top-notch provider will segment employee access to a single data center only. The industry gold standard is for providers to use a “dual-responsibility model” where two employees need to provide verification before encryption keys and data become accessible to the provider and their staff at any time.

How durable will my data be once I’ve saved it?

Now that you have a good prospective cloud service provider in your sights and feel strongly that their level of data security meets modern standards, it’s time to delve into just how long they can ensure that data will be “available” to you. The current gold standard of data availability is “five-nines,” which means an “average” good cloud provider offers a 99.999% guarantee (hence “five-nines”). This means that you have a 1 in 10,000 chance of losing any data. This might sound good, until you start counting the number of files your company has. Guaranteed it’s way more than this if you’ve been in business for any length of time. A typical five-nines guarantee means you’ll lose 1 out of every 10,000 files each and every year – guaranteed.

What to look for:

  • Preferably, you want at least “ten-nines” in their data availability guarantee. This type of availability can only be achieved if your data is stored (minimum) in triplicate, in well-dispersed data centers, preferably globally spread data centers. Ten- and eleven-nines storage offers such a ridiculous availability rating that mankind is more likely to be extinct by the time a file is lost than you are to be alive long enough to see any data loss!

How much control will I have over my data?

It would be impossible to list all the potential data access problems that can come up at the end-user level. There needs to be a defined chain of command in place to handle all data and end-user authorizations. And that chain of command needs to start and end with you. You need to have full control over the entire life cycle of the data, start to finish.

What to look for:

  • Ensure the cloud provider offers your business full control over how data is uploaded, downloaded, filed, shared and who can access what. Further, controls should be in place so you can allow employees, clients and other service providers limited access privileges, including viewing, downloading and editing privileges. These measures will ensure finished files aren’t changed without your consent and that you can remove those privileges immediately if needed, in the case of project completion, along with employee downsizing, terminations and demotions.

What’s your audit policy on my account activity?

What good is having a fully mobile storage platform if you can’t see changes that have been made and access that’s been granted over time? This is relatively easy to do with an office-based server and it should be just as easy to track activity through your cloud provider.

What to look for:

  • Make sure that you’ll have full access to an easy-to-use audit trail detailing any and all changes occurring on your account, and that previous versions of all data are held in storage for a reasonable time frame before they’re purged in case mistakes (intentional or not) are made.

Finding a secure and reliable cloud storage provider doesn’t have to be difficult. Follow the advice given above and never compromise the quality and type of service offered just to save a few dollars.
