What Your Business Needs to Know about Cloud Security

What You Need To Know About Cloud SecurityWhen your business looks to store data on the cloud, use cloud applications to improve processes, or subscribe to one of the many cloud solutions available for your company; there are certain things you need to know.  Trustantial, a leading provider of cloud insight and cloud services, would like to share information and questions you need to ask before storing data on the cloud.

With special thanks to CIO Magazine for their article “9 Things You Need to Know before You Store Data on the Cloud,” we would like to introduce you to the trends in storage and security.

1. Make sure the cloud vendor is up-to-date on data center and industry certifications. “The cloud storage provider [you choose should] be compliant with your industry’s privacy and security compliance needs,” such as HIPAA and PCI, says Karl Bickmore, president, CCNS Consulting, an IT outsourcing provider.

Also, make sure the vendor is in compliance with “new regulations, such as SSAE 16, which recently replaced SAS 70,” says Raghu Kulkarni, CEO, iDrive, a provider of online backup services. “SSAE 16 is a critical audit standard, especially for companies with financial data and in public sectors, as well as other industries where data security and integrity is important.”

2. Pick a provider that knows your industry. “Sometimes you cannot go wrong simply choosing the largest cloud providers based solely on reputation and longevity, but there is value in choosing a provider that understands your business [or industry],” says Mark Wojtasiak, segment marketing manager for Cloud at Seagate, a provider of storage solutions.

Related: An Elegy to Private Servers

“Data storage needs differ from one industry to the next,” Wojtasiak says. “Perhaps your business is in finance, healthcare or the media and entertainment industry. There are cloud storage providers that specialize, or at least have a keen understanding of your industry and the data you need to store,” he says. “Such knowledge and understanding can make a huge difference.”

3. Understand the bandwidth limitations. “If you are going to be using cloud as part of a backup strategy, you need to understand the bandwidth limitations both for the initial backup of a large amount of data, as well as what will happen should you need to restore a large amount of data,” says Ed Featherston, enterprise architect, Technology Services, Collaborative Consulting. “Does the provider offer a bulk transfer capability? What are the bandwidth limitations to the provider’s locations?”

“Cloud storage requires moving data outside of the enterprise’s local area networks into a wide area network, often resulting in a higher cost and bandwidth requirement for cloud storage,” says Paul McClure, chief technologist, Cloud Solutions Group, at data management provider CommVault.

“Bandwidth and transfer speeds drive the time expectations on how long it will take to move data over the wire. This can be minutes, hours or even days,” McClure says. “Bandwidth cost, potential and time are important factors to consider.”

Related: Three Things missing from Enterprise Cloud

4. Make sure data is encrypted. “Protect your sensitive data with strong encryption before transferring it into the cloud,” says Jonathan LaCour, vice president of Cloud at DreamHost. “Some storage providers may offer server-side encryption, but encrypting your data on your own might be wiser.”

“Keep in mind that if your service provider encrypts your data, then the service provider can decrypt your data,” says Lawrence Garvin, head geek, SolarWinds, a provider of IT management software and monitoring tools. “If the data is encrypted before it is transferred, then only you can decrypt the data. Be sure that your data is encrypted before transferring to the cloud, or even to off-site storage.”

5. Carefully read the provider’s SLA before signing up. “Providers offer choices of storage service levels, and storage services should include on-demand scalability to keep applications running, snapshots for crash-consistent local and/or offline backup, available off-site backup and/or disaster recovery and high availability storage without disruption due to maintenance/upgrades,” says Tom Hobika, senior vice president, IT services, EarthLink, a provider of IT, data, voice and Internet services for businesses.

Related: Subscription Challenges Solved in Cloud Computing

“The vendor’s SLA should include guarantees for the applications and data it will host. At a minimum, it should cover availability of data and systems, response times for normal-issue severity levels and response times when dealing with specific security issues,” says Hobika.

6. Know how much the cloud will actually cost you. “When pricing out cloud services, understand completely what is covered in your monthly service and what is extra,” says Casey Burns, senior product marketing manager, Cloud and Virtualization at Quantum, a provider of data center and scale-out storage solutions.

Related: The Dangers of Traditional Financial Management

“Often there are additional charges for activities such as ‘put and get’ (sending your data to the cloud and getting it data back), DR testing associated with your service and boosting bandwidth beyond a specified limit,” Burns says. “It’s best to do some costing models comparing your existing solution and the full costs of a cloud service before jumping into the cloud pool with everything you have.”

7. Don’t overbuy storage. “Determine the appropriate amount of storage for your organization’s current and future needs,” says Jeff Erramouspe, CEO of backup provider Spanning Cloud Apps. An IDC studyshowed that most businesses experience between 40 to 60 percent growth in data volume annually. So, you can keep buying more storage terabyte by terabyte, unless you have a per-user pricing plan,” he says. Moreover, “in choosing a per-user plan that doesn’t limit your storage consumption, your annual pricing is much more predictable. You always know how many users you’re going to have, you rarely know how much storage you’re going to use.”

Related: What is Driving Data-as-a-Service Growth?

“Avoid buying more storage than you need,” says Hubert Yoshida, CTO, Hitachi Data Systems. “Data centers decline in price by about 24 percent per year and thus buying with a pay-as-you-go model will drive cost effectiveness and efficiency,” he adds.

8. Make sure you can recover/restore your data. “When you’re looking for a backup provider, don’t forget to think about the other part of the equation — recovery,” says Pete Lamson, senior vice president at storage provider Carbonite.

Related: Cloud Computing will Drive IT Financing

“Before you commit your data to a vendor, find out how quickly you’ll be able to get it back in the event of data loss or disruption, what the restore process looks like and what kind of support you can expect to receive if you run into any issues,” Lamson says. “This will help you set expectations for the business and can help you minimize downtime.”

“Many services make backing up easy but restoring data quickly and efficiently can be difficult and costly,” says Aaron Saposnik, infrastructure solutions consultant, SWC Technology Partners. “Check if a vendor will send you a hard drive with your data or allow easy data restore (and if they charge extra for these services) before signing up.”

9. Finally, have a backup plan. “Should you decide to leave the cloud or the cloud provider decides to leave you [goes out of business], have a business plan ready to go to move to a new cloud with minimal disruption,” says Brian D. Kelley, the CIO of Portage County, Ohio.

5 Questions to Ask Your Cloud Provider

Before you store any data in the cloud, “check up on the company,” says David Willson, an attorney specializing in cyber security who is a partner at ONLINEintell, a corporate intelligence firm. Ask for references — as well as the following five questions:

  1. How long has the company been in business?
  2. Where are their servers located? (“Storing your data in multiple data centers or regions around the world can help you survive local and regional outages,” says Casey Rosenthal, director of professional services at Basho, a distributed database provider. “This improves the uptime of your data as well as your ability to recover from data loss.”)
  3. What is their security like? (Is it badge-protected facility with cameras everywhere?) Will they provide a copy of their policies?
  4. Have they had a security audit in the last year and will they share the results?
  5. What assurances are they willing to make, in writing, that they will a) notify you as soon as a breach is detected; b) take swift action to work with you to correct the situation; and, c) insure you for loss or theft (if they go bankrupt, say, or law enforcement seizes a server)?

More and more businesses of all sizes are storing some or all of their data in the cloud. But before you move to an online storage provider, there are some things you should know (and ask) about cloud storage and recovery.

Trustantial is a leading provider of cloud solutions for Intacct financial management.  We understand the value of financial planning and insight in the cloud.  Read through the rest of our blog, read through other services we offer, and learn more by calling your new Texas Cloud Provider.

Still have questions? Contact us.

Trustantial is a full-service technology consulting firm focused on providing mid-market and enterprise customers with technology solutions that accelerate their business. We focus on industry leading cloud, ERP and CRM solution implementation and integration. Our strong business acumen and technology capabilities allow us to create long-term relationships with our clients.

Still have questions? Contact us.

Trustantial is a full-service technology consulting firm focused on providing mid-market and enterprise customers with technology solutions that accelerate their business. We focus on industry leading cloud, ERP and CRM solution implementation and integration. Our strong business acumen and technology capabilities allow us to create long-term relationships with our clients.