Staying Secure in the Cloud Age

2013 By Uptime Systems
 

The use of cloud computing has changed the way we do business and who we trust with our confidential information. Networks are costly burdens to many companies, so a large number of them are now turning to cloud computing providers for their application and storage needs.

 

If you are considering a move to a cloud service, there are a number of things you need to do to ensure that your identity and information is safeguarded.  Here are our top recommendations:
 

1)  Work with nationally-recognized cloud service provider.

Lists such as the Talkin’ Cloud 100, Top 100 Managed Services Provider – Small Business Edition, and Top 501 Managed Services Provider – Global Edition recognize companies that consistently provide the best cloud service. When choosing a provider, make sure to read online customer reviews and industry feedback.

2)  Review the details of the contract and ensure that there is a clause covering ownership and usage.

In 2012 Google Drive came under fire for claiming the rights to anything a user uploaded, even after the contract had expired. If you are working with a cloud provider make sure that the fine print includes ownership of your work.

 

The Real Cost of a Data Breach
Explore more infographics like this one on the web's largest information design community - Visually.
3)  Make sure that your provider has intrusion prevention and protection.

In the cloud, as with an on-premise computing environment, the threat of intrusion is real. Ensure that your service provider of choice is able to quickly and appropriately handle intrusions and ensure the protection of your valuable data. When Network Solutions experienced a DDoS attack, many users using MySQL databases were unable to access their sites. For a business that is dependent on the Web, having a site down for hours to days can cost significant amounts of money.

 
4)  Make sure that your provider will only store data within the continental United States.

The Interior Department requires all data to be stored in the United States in order to increase security. But the government is not the only concerned entity. Attorneys and doctors must also ensure their data is safely within the US due to HIPAA regulations and many local State Bar associations. The security of personal information is of critical importance. If your cloud service provider is unable to comply with the security requirements set forth by regulatory agencies and associations, you need to be concerned about the security of your data and investigate where it is going.

5)  Be clear on the service provider's process if there is a subpoena.

Read the contract carefully and question the process that occurs in the case of a subpoena of data and records. Become clear on your responsibilities when it comes to a subpoena. Check to make sure your service provider will give you some type of notice if records have been requested.

6)  Work with a cloud provider who's security policy matches your own. 

Recently NASA was criticized for their use of cloud storage that put their data at risk. Moreover, the risk was present for more than two years. Make sure when selecting a service provider that they have adequate policies and security philosophies. If the provider is a good fit, they will understand your needs and will work with you when it comes to services, updates, and risk prevention.

7)  Select a service provider that is SSAE 16 (formerly SAS 70) Type II certified.

Serious service providers become SAS 70-certified. They hold themselves accountable and stay ahead of the competition in providing secure services. Although not a requirement, it is a sign of self-regulating activities that will keep your data even more secure. Do not be shy about asking to see their service results and metrics. Nothing speaks more loudly than their past and present performance results. A cloud provider who is security-minded will have ongoing performance statistics to share with prospective customers.

8)  Review the potential service provider’s method of reporting and investigating all incidents.

Transparency is key when it comes to investigating concerns. When a serious issue is handled quietly without any notice to the customer, there is a perception of wrongdoing. Look for a service provider that is upfront about the handling of all data, incidents of intrusion or hacking, and the outcome of all investigations involving your data.


Security is a valid concern whether your data is stored in-house or in the cloud. Taking the above-listed steps will ensure a more careful selection of your cloud service provider, more secure handling of your data, and an increased cost-savings for your company.