Cloud computing is undoubtedly revolutionising business IT - and
there's little doubt the huge trend towards storing data and
running apps from the Cloud is going to continue.
The convenience, the unlimited storage capacity and, probably
most of all, the big cost benefits are pretty clear for most
businesses. For many smaller businesses in particular the
idea of not having to worry about IT at all and instead be able to
focus entirely on running a business is hugely appealing.
This is all very well, though, but cheapness and convenience are
not so attractive if you can't be sure that your data is
safe.
If you're concerned about data security it's a good idea to
consider some basic points even before you consider the
Cloud.
- If security is a big concern for your business, then starting
in-house might be a good idea. Probably the first point
to consider is: 'How important is my data?' What are the
consequences of it being lost or stolen?
Can you quantify, even if only in general terms, the effects of
this data being breached or stolen - this includes the effects on
the good name of your business and how it would affect the running
of your company? Would it mean you could not trade, for
example?
Answering these questions realistically at least gives some idea
of how far you should go - and spend - to make sure your data
is secure, whether it's kept on a local server or in the
Cloud.
- Examine who controls or has access to the most sensitive
information. Establish access on a need-to-know basis.
The huge rise in mobile devices means that data can be accessed
from many points, often outside the workplace and this in itself
creates points of vulnerability. So, take a look at what
devices are used and by whom, to access this data and how is it
protected?
After all this, then consider the possible risks of Cloud
computing.
The problem for most businesses is that, in terms of security,
Cloud computing feels counter-intuitive. How can data stored
'up there', in a place not always fully understood and then
accessed over the Internet - a fundamentally public network - be
safe? Even the term 'Cloud' sounds woolly and
insecure.
But the reality is rather different.
The Cloud has been compared to banks. People choose to
keep money in a bank because it's safer than keeping it at
home. But, obviously, there are good and bad banks!
Total security doesn't exist. Even so, there are some key points
to think about if you're considering selecting a cloud
provider.
- First off, make sure you choose a provider that has its own
data centre and owns its own equipment. This way, it is not
dependent on a third party and you can deal directly with the
provider.
- Check their record of 'uptime' - in other words, check how
often their network fails for whatever reason. Reliability is right
at the top of any check list. It's not the same as security maybe,
but, without it, your business could well be compromised. You
should be looking for near 100 per cent reliability, giving you
access to your data at anytime.
- Is your data stored in this country? It probably should be for
peace of mind. For some types of data, it's a
requirement.
- Make sure you know the financial health of the provider you are
thinking of using. And, even if they seem sound and
well-established, you still need to ask the question: what happens
to my data if they go bust.
- Similarly, one of the reasons you store data in the Cloud is
that it's a form of back up away from your business. But what
happens if the data centre burns down or is in some other way
compromised?
- Choose a provider that responds to your questions and concerns
rather than just going for the biggest. Service and support are
extremely important. Find out if you can deal directly with a
named person who deals specifically with your account. It's vital
to have open and clear lines of communication.
- Always make sure you speak to other clients of the provider who
are willing to share their experiences.
- Check how well the physical data centre is protected - does it
have CCTV security, security guards, controlled access and so
on?
- What about safety standards, protection from fire and floods,
as well as temperature control to keep all those servers cool and
working at optimal levels?
- Are there on-site engineers available around the
clock?
- Check that the data centre's certificates and qualifications of
competence are properly recognised, such as the internationally
recognised ISO 27001. If in doubt, contact the United Kingdom Accreditation Service
(UKAS) for further information.
