In the previous article on cloud computing we considered what to look for and what questions to ask security wise when looking for a cloud service provider. In this article we’ll look at what steps we can take to ensure our data is secure.
The biggest issue in my opinion with cloud computing is what would happen if we lose the service for any reason. I believe it’s important for any company making use of such a service to have an effective disaster recovery plan. Granted that this event occurring is not very likely; however, one has to have a contingency plan nonetheless. Ask yourself what it will mean if your business were to lose the cloud service? Can the business carry on? What will the cost per day of downtime be? And most importantly if the service is gone for good how long will it take to bring the system back up to operational level?
It is very important that, should the service close down or be temporarily disabled, the business has an effective disaster recovery plan that can help bring the business back up. While this can sound complicated and expensive to carry out it doesn’t necessarily have to be that way. An offsite backup with a different service provider can be an effective safeguard against data loss. Having a server onsite with a virtual machine configured to run the essential business processes currently residing on the cloud might be an effective way to have the business carry on during outages as well as having a platform to restore functionality should the service be lost.
When storing data in the cloud one has to be aware that data travels through a number of network points before reaching its destination, and at any one of these points (as well as in-betweens) it is possible to spy on any data going through there. It is very important to protect this data against prying eyes and this can easily be achieved if the link between your company and the cloud is encrypted. Ensure with the service provider that your data will be safe during transit.
While having an encrypted pipe between your company and the cloud service provider will protect your data in transit it still leaves it vulnerable to prying eyes at the service provider stage. While it is not very likely that a service provider will spy on your data, can you be sure an employee of the service will not give in to temptation? Such data could be very valuable and as such I would recommend that any data stored on the cloud be encrypted whenever possible; for documents such as letters, memos, spread sheets, etc it is possible to use DRM for a convenient way to control access to this data.
It would also be a good idea to keep an eye on the server logs even if the service provider itself is doing that job for you. If an intrusion happens or someone gets illegal access to your data you want to know as quickly as possible, therefore monitoring the logs yourself will ensure that you aren’t kept out of the loop if such an event were to happen.
Following these simple tips should ensure your data’s safety in the cloud. Even if some of the tips mentioned above should be handled by the service provider as part of the service you’re paying for I would still recommend that keeping an eye on the system’s security from their end as well. The cloud can be a great cost cutting exercise but also introduces other risks that one should still mitigate.