User login
Courtesy navigation
Search
Q&A: Cloud computing security
Cloud computing can be an efficient, cost-effective way to run some of your business IT systems. But how do you keep your data safe when it’s stored off your premises, on servers that you don’t own or even fully control?
David Blackman, general manager, northern Europe, at disaster recovery specialists Acronis, explains.
What are the main security risks of cloud computing?
"The cloud offers a cost-effective alternative to traditional forms of business IT. However, businesses do have worries about security. Many are concerned about whether they can trust cloud services to keep their data private.”
“Companies are also concerned about how and where their data will be stored – particularly whether it will be held in a way that complies with laws like the Data Protection Act.”
“A survey we ran also found that 54% of companies are worried they wouldn’t be able to recover their data quickly enough in the event of a problem with their cloud computing provider. That’s a valid concern, particularly if you rely on that data to run your business.”
What security features should businesses look for in cloud computing?
“Choose service providers with experience and a track record in both the service they’re providing and cloud computing itself. Make sure you can trust the company providing the service, and ensure they are well established.”
“Check they have a strict service level agreement (SLA). This guarantees your business a certain level of service, and should entitle you to compensation in the event of any problems.”
“You will probably be entrusting some sensitive data - like business emails, customer information or your accounting figures - to your cloud computing provider."
"To make sure this data is stored safely, look for a government-approved level of encryption, such as Advanced Encryption Standard 256 (AES-256), the standard adopted by the US Government. This scrambles all your data so nobody can read it.”
“Make sure your cloud service encrypts all data before it is transferred between your business computers and the cloud service. Check there’s traditional login and password protection too.”
Cloud computing involves storing data on someone else's server. How do you know they can be trusted?
“Because cloud service providers live or die by keeping their clients’ data safe, most have very strong security. In fact, the precautions taken by cloud services are often much stronger than the security precautions taken by businesses themselves.”
“Companies tend to be unsure about cloud security because they don’t understand how it works. Always ask your cloud provider to explain their security procedures thoroughly. If you have an IT supplier you can consult too, that’s all the better.”
“It’s most important to look for a cloud computing service with a proven track record. Simply searching for the company’s name on Google may be enough to reveal any previous problems.”
Do we need to back up data which is stored in the cloud?
“Ideally, yes. You should always have two layers of protection: one on your own premises, and one in the cloud. Your cloud supplier should be able to explain how you can achieve this.”
“Keeping your own copy of the data somewhere means you’re as sure as you can be that it’s safe. It also means you can get up and running faster in the event of a problem – you won’t be entirely dependent on your cloud provider to keep working.”
Does it matter if the servers our data is stored on are in a different country to our business?
“The European Commission's Directive on Data Protection stipulates that servers handling information from UK small and medium businesses must be located in the EU.”
“Although there are more stringent regulations for certain industries, like banking and finance, most companies can stay compliant by keeping their data inside the EU. However, many cloud services run from servers based in US. If yours falls into this category, make sure the provider is on the US-EU Safe Harbour List. This guarantees they meet the regulations.”
“That aside, the physical location of the server shouldn’t be a concern for businesses, as long they pick a reliable and trusted cloud computing provider.”
What's a good way to try out cloud computing in a low-risk way?
"Cloud computing services are easy to set up. Because you don’t have to manage the physical infrastructure, many hassles are completely eliminated. Businesses should find it relatively easy to switch to cloud computing.”
“A good place to start is to use cloud computing to run your offsite backups. It’s a good, cost-effective alternative to tape and disk-based backups.”
“Get advice from your IT supplier. They should be able to recommend a solution to meet your needs and provide support and advice.”
Popular content about cloud computing
Navigation
Founding partners
Follow us on:
Small business technology advice, tools and resources | IT Donut
Copyright © 2010-2013
Comments
Great to see discussion of Cloud Security with some tips.
How about being able to audit where your data sits. I think you make a good point about sanitisation if data is moved, this needs to be really robust. I was reading earlier today about hackers recovering deleted data from a server.
Specifiying where your data can and cant go is really important as you say.
If businesses do decide on Cloud then having a relationship with the provider can make a difference as you can insist on consistent quality in security that you may have reservations about getting from a broker who is effectively moving your data to where its cheapest to host etc and do not own the servers of data centres.
Nice research and pardon If you cut the long discussion short in my view these are the major things make cloud computing risky..
1. Abuse and Nefarious Use of Cloud Computing
2. Insecure Interfaces and APIs
3. Malicious Insiders
4. Shared Technology Issues
5. Data Loss or Leakage
6. Account or Service Hijacking
7. Unknown Risk Profile
Add a comment
Not registered? We'll create a new account for you when you add your comment