Just a few years ago, people talked about the cloud a lot differently than today. People made air quotes around “the cloud,” and there were questions about security and reliability. Now that almost every software vendor has a cloud offering, most of us have a better understanding of what the cloud is—but security is often still questioned.
Is our data safe from prying eyes? What happens if the cloud goes down? Will we be able to access our data? With so many questions, many hesitate when it comes to storing their most important information in this nebulous concept called the cloud.
Let’s examine why the cloud is an effective means of storing data, plus what to look for when evaluating cloud-based providers.
The Cloud vs. On Premises
When we talk about cloud security, the discussion tends to focus on keeping information stored in the cloud safe. But one thing people tend to leave out of the discussion is whether the alternative—storing your company’s most valuable systems and data onsite—is truly safe.
Any number of things can take your onsite systems down, from power loss to server failure. Take Hurricane Sandy, for example, a storm that caused widespread power outages and disrupted transportation for days in New York City.
Numerous businesses were impacted in some way. The ones that experienced minimal disruption were those that either had in-house disaster recovery plans or relied on vendors that had them.
The reality is, storing important systems on a third-party cloud actually provides added resilience against disruptive events. It’s especially important for companies without established disaster recovery and business continuity plans that would allow them to continue operating during such an event.
Most cloud-based software vendors, on the other hand, do have these plans. Data within the cloud is also typically backed up at several locations, meaning if one provider’s servers crash, you don’t lose access to your data. In this context, it’s easy to see how the cloud actually provides an extra layer of security.
What to Look For
Relying on the security of your system all comes down to how much you trust your vendor. So what should you look for as you evaluate a cloud-based service offering? Some important vendor certifications include:
- SOC 1 Type II certification: This is an accounting auditing standard that demonstrates a vendor has undergone a thorough examination of their IT controls, and that those controls will effectively protect data hosted or processed for customers. The Type II report is more stringent than a Type I, requiring tests of operating effectiveness for at least 6 consecutive months.
- ISO 27001 for Information Management: This standard ensures organizations can keep information assets secure, including financial information, intellectual property and employee details. It provides a measure of confidence that a vendor’s information security management system (ISMS) is secure, that controls are in place to keep it that way and that the company can respond appropriately to any security-related events or incidents.
- ISO 9000 for Quality Management: Many readers are already familiar with this one. If you’re not, this standard shows a vendor has processes in place to ensure products and services meet customer requirements, and that they’re consistently improving over time.
- TRUSTe: The TRUSTe certification means your privacy is secure when you use a vendor’s website. It shows online privacy controls conform to best practices and comply with federal and state regulations, and that the website is constantly monitored for threats.
- Safe Harbor: This is another privacy certification that ensures a vendor is adequately protecting all personal data under their control.
- Disaster recovery: As we’ve mentioned, reliability is just as important as data security. An unstable cloud system will cause big problems if it crashes, a risk many vendors address with multiple redundancies. However, redundancy doesn’t rule out the possibility of a crash, so it’s important your vendor has a documented disaster recovery plan to keep things running with minimal consequences in the event of an emergency.
When making the decision to move to the cloud, choose a trusted vendor that is capable of handling the entire process and meets the qualities listed above. The end result? An automated system that improves security, reduces IT hassles and puts more time back in your schedule.