Cloud security – big insecure bogeyman and really risky move, right? Well, that depends where you start from.
It seems to us so often the case that when people not so familiar with technology weigh up the benefits of something new, they are starting from a position that what they have at the moment, ie what they know, is intrinsically better. Usually there’s no basis for that belief other than that we tend to prefer the devil we know. Cloud security is a perfect case in point, as covered in this Mashable article, Can You Trust the Cloud?.
We hear a great deal about the insecurity of the net and the risks we take every time we venture into cyberspace. It would be irresponsible of us to poo-poo these risks, but they should be viewed rationally, especially when considering changing some aspect of your company’s online set up. As always, make the decision you feel is best for you, but make it from an informed position.
Cloud security and the server under the desk
‘Security’ means different things to different people. In the context of public cloud services, ie your data and/or services hosted on a server run by a third party provider, you’re worried about people you haven’t authorized gaining access to your data, whether hackers or government intelligence agencies, whose laws permit them access to data held on their soil.
However, real though those concerns are and rigorously as they should be addressed by anyone proposing to hold your data or run your services, contrast the reality of that ‘threat’ with the security of data that’s held on a server that sits under Marjory’s desk. We love the Marjories of this world, but don’t for one moment go imagining that data held on the server under her desk is really particularly secure. Apart from the very real possibility of physical damage to the drive from inevitable deterioration over time, you must consider the consequences of fire, flood, electrical surges, theft, structural problems and so on. These sorts of things really do happen, and the figures for businesses coming back sucessfully from the levels of concomitant data loss are shockingly low.
In order for data held on-site to be genuinely secure, the systems involved (including your data connections) must be robust, proactively maintained and routinely backed-up and tested, for starters. Then extreme levels of physical security must be in place 24 hours a day and full daily back ups held in ideally at least two separate locations well off-site. Thirdly, in the event of data failure, the person responsible (and there must always be someone responsible) must know exactly what to do to get the data flowing again with minimum down-time and disruption. As the article says:
Moreover, in most cases, a major cloud storage company is going to have better security for its setups than a locally managed server you maintain yourself.
Cloud security – Fort Knox in comparison
In the light of that, look again at the risks of cloud security. Does data held on well-maintained, physically secure and strongly protected servers look like it’s really, genuinely, at more risk than data held on the server under Marjory’s desk? Consider your responsibilities to people whose data you hold – names, addresses, bank information etc – and view the issues objectively.
Any company you approach about providing cloud services (such as ourselves – Amazon, Google and Rackspace are not the only fruit) should take your concerns seriously and explain how they handle those risks. We’re always happy to chat about how we approach cloud security, look after data and protect your online services.
Whatever choices you make, make them from a position of knowledge.