We hear it all the time: owners of businesses and non-profits alike are saying,I know about the cloud. I’ve heard about the cloud. I know I don’t want to buy and maintain my own server equipment, but I don’t know if we’re ready for the cloud.
But the big question on everyone’s mind in this era of data security concerns is most often this: “Is the cloud really safe?”
The short answer: Yes. Why, you ask? Read on…
Is Your Server Really Secure?
First of all, lately there’s this odd, prevailing notion that protecting or defending a system is much easier if you have physical access to it. This is, of course, not true at all. However, many people continue to voice their disdain for the tech culture shift into the cloud because it’s “not secure.”
The reality of the situation is that there’s a much greater risk to your data when it’s stored on your own server. So the cloud is typically a safer alternative than the current internal servers of many small businesses and non-profits.
If you’re lacking a security expert, your data’s probably not secure; it’s possible that your system has already been monitored, or maybe even hacked at some point. Many small business servers lack important security buffers, such as edge firewalls, sophisticated routing equipment, and enterprise-grade security privileges. Plus, without that security expert, there’s no one monitoring your network activity, and likely no one who is actually qualified to review and configure your server to ensure it’s truly locked down.
So if your small system is hacked, you’re also putting your data at risk when you switch to the cloud, right? Well, no. Cloud backup and storage companies like DropBox, Box, Mozy, Apple, and Google are much bigger targets because people know they’re targets. So unlike your tiny office server, the big guys are constantly and actively working to incorporate security to defend your data against hack attacks.
Considering the Cloud
Still unsure about the cloud? That’s a good thing. It means you’re careful about your network security. There is one definite and obvious drawback to the cloud, which is warranted: internet access is required to access your files. You simply can’t connect to and work in and with the cloud without a reliable internet connection. Just something to consider.
Here are some additional considerations to address before choosing a cloud provider and making the shift to the cloud…
Own Your Data. Always read the licensing information and the terms and conditions you must accept from every potential cloud provider. There are a handful of sneaky providers out there who will try to lay claim to your data on their servers. However, generally speaking, any reputable file-hosting provider (especially one already operating email hosting services in the cloud) will respect your cloud data as your individual or company property.
Recover Your Data. It’s important to understand each company’s approach to disaster recovery, and the organizational policies that back up data recovery procedures. Many people don’t know that it’s completely reasonable to ask for a backup and disaster recovery policy from any file-hosting provider. So please do!
What happens to your business if a disaster occurs at the data storage facility of your cloud provider and all your important company files are lost? Let’s say your provider has redundant backups, but everything fails. If they’re only completing those backups every two weeks, you risk losing at least two weeks worth of files and work. Can your company afford the additional workload required to reconstruct all that lost data?
Don’t settle for vague blanket statements such as, “Our data center is state-of-the-art.” What you really need to know is how often that company is backing up your data. You also need to ask for up time numbers. Up time (put simply: the continuous amount of time a server is operational) is an important indicator of the reliability of that provider’s equipment.
Encrypt Your Data. Large cloud services are built for the purpose of securing data and information, so they can meet enterprise-grade security and encryption standards that your small business server often cannot. Encryption is your last line of defense, and it’s highly effective. Should a hacker gain access to your company data, multiple layers of data encryption ensure your data is still secure and inaccessible because it cannot be decrypted.
Certain providers, like Mozy, offer data protection well beyond the baseline standard of 128-bit encryption. MozyPro offers a 448-bit Blowfish cipher encryption, or the 256-bit AES encryption (PDF), which is even more secure because you get to choose your own personal key (on top of that 256-bit encryption, which is the standard practice of the US government and the National Security Agency). These encryption security standards are incredibly hard to crack open (if not impossible).
Download Your Data. Be sure your data is portable – meaning that your data should be available for download at any time, and in an industry-standard format. You might need to access your data because you want to move to a new cloud provider, or perhaps you want to create your own backups just in case. Regardless of the reason, a reputable provider will allow you to do this, and without hesitation.
For example, at SmartWave we can easily access and download our company projects from the 37signals Basecamp cloud. We can easily access our information (in a recognizable format), download it, unzip it, and stick it on a different web server, at any time and if we so desire. --- Many companies, such as Carbonite, provide both easy-to-understand security specs, and more detailed security information (PDF) for the more careful cloud consumer.
The secret is simple: just be sure you do your homework before choosing a cloud provider and sending your data up into the cloud. Then you can rest assured your data is safe and secure.