Cloud computing is clearly the way of the future (it’s just too convenient not to be!) but a lot of individuals delay the process of converting because of security concerns. And let’s face it, it does feel more secure to have all of our information in a physical place: our computers.
But those waiting aren’t alone, and it’s a fact that many IT infrastructures are not equipped to address concerns about cloud-based security, especially for organizations handling sensitive data. For example, most public cloud computing services use shared hosting hardware for multiple clients, meaning there’s no control over data storage practices.
Image via wikimedia.org
Public clouds are made available for personal use through services like Google Drive and Apple Cloud, but these are primarily used in closed environments. How does one look for great services to host their organization’s needs for cloud computing without sacrificing security?
Know the Location of Your Data
We all know that encryption keeps data safe, firewalls keep intruders out, and antivirus software keeps it uncorrupted. But the first step in securing data is to know where it is. For this reason, insist on dedicated hardware for your data storage, even on cloud-based operations. It’s more costly, but far safer. When there are fewer individuals accessing a server, there is a reduced opportunity for anything untoward to happen. Always keep all of your server information stored in hard copy, just in case. Which leads nicely into the second suggestion…
Back Up Your Data Regularly
This is something often preached and rarely practiced, but all sensitive data should be on a routine backup plan. All backups should be stored in hardcopy by date, just as a matter of good recordkeeping, and so that if there are any issues, it can be easy to discover when and how they originated. Your data backup dates and rates should be determined by the size of your database. Larger databases are so time consuming to back up that often it can prohibitive to do it more often than a few times a year at best. Smaller data sets should be backed up monthly.
Make Security Your Data Center’s Primary Concern
Do you know what the acronyms SOC, SSAE, or SAS mean? If not, learn them fast! Knowing your data center’s security standards is as important as knowing your server’s standards. Are they running clients which have been PCI or HIPAA certified? This is a great hallmark of a truly secure data storage plan. A managed service, like AWS Security, can take care of issues such as this for you, and quickly elaborate upon potential security options to make your data and applications more resilient.
As With Any Other Business, Use References
Considering a specific cloud computing company? Always ask them for client references. Not just snippets on their website, but real individuals you can email or speak to. Always look for companies willing and able to give you a battery of clients; one is never enough, especially given the cost which often goes into transitioning an organization to cloud computing. References do more than just reassure you about security; but also about how responsive a company might be to customer service or other issues.
Never Stop Testing
Testing, like backups, should be done regularly and consistently. You will never know for certain if your cloud computing is secure without a good test, and luckily, many organizations and consultants offer this service. Vulnerability scanning is a standard in many industries, and your assumptions are worth nothing compared to hard evidence one way or the other.
Conclusion
There’s no such thing as a guarantee of total security; not even the Pentagon gets that. But just as with any other IT initiative, due diligence, regular maintenance and checks, and critically analyzing your systems will always provide a safeguard against the worst case scenario.
from Darlene Milligan http://ift.tt/1KQDCCG via transformational marketing
from Tumblr http://ift.tt/1KQTKBs
No comments:
Post a Comment