Is the Cloud a safe place for data? Well, that depends on you!

Two discussions with prospects this week highlight that security and privacy of data in the cloud are an ongoing concern.

Prospect 1 just came out and said that a traditional IT provider had seeded concerns around cloud security with him whilst pitching an onsite server installation. Needless to say, this same vendor had not highlighted the onsite security requirements and costs to comprehensively protect and back up data on the proposed server!

Prospect 2 was more subtle, asking "how to" questions about maintaining local copies of data that would be transferred to the cloud.

Both prospects were concerned about the security issue without being very aware of their current level of security and risk.

Information security in the cloud is a shared responsibility of the service provider and the customer.

What the service provider must do to offer credible security:

a) physically protect your data so that access to the server and storage, including removable media, is restricted and all access is audited
b) back up data, both locally and to alternative locations that are equally secure
c) ensure personnel and contractors who have access to data are bound by a signed privacy agreement and compliance with security standards
d) encrypt data in transit using https with a security certificate, so it is protected during communication between you and the server
e) enforce account protection with strong password requirements and password expiry rules

What the customer must do so as not to compromise or subvert this protection:

1) use strong passwords and ensure these are regularly changed
2) avoid sharing subscriptions or accounts between staff, which breaks traceability of actions to individuals
3) remove system access by disabling accounts or changing passwords when staff leave
4) protect mobile access devices with a pin code
5) ensure personnel and contractors who have access to data are bound by a signed privacy agreement and compliance with security standards
6) limit access to data to the minimum required to support a person's job function
7) educate end users in common security threats such as phishing attacks, device theft and use of public wifi

If you choose a cloud vendor, make sure they comply with items a-e above. If you run your own server, then these items apply equally to your environment. Regardless of cloud or on site services, ensure you follow steps 1-7 to protect your business data.

After a small amount of education and awareness, I'm pleased to say that both prospects decided to proceed with cloud computing as an alternative to on site server installation or refresh, and therefore accessed the benefits of cloud computing including, in both their cases, significant improvements in security and data protection.



Posted: 3/17/2012 4:36:37 PM by Global Administrator

 
 

