A little while ago, Australian cyber security news company Security Brief AU released an article stating “alarming statistics show that cloud security is not being taken seriously enough.”
Statistics cited in the Security Brief AU article include:
- 78% of information stored in the cloud is personal information
- Over 50% of all businesses surveyed had not conducted risk assessments or put Service Level Agreements in place with their cloud service contractor
- 44% of businesses did not know where their cloud provider’s servers are located
The above stats from the Australian cyber security news firm highlight a distressing issue: many companies aren’t paying enough attention to their security on the cloud.
Considering the impact that a data breach can have on your company and its clients/customers, is your company paying enough attention to data security?
Here are a few things to consider before you answer that question:
1: How Protected is Your Cloud Hardware?
When your company is sold cloud services, many cloud providers might try to skip over the question of where their servers are located. After all, does it really matter where the servers are if you’re on the cloud?
As it turns out, yes, the location of your hardware can make an enormous difference in the security of your cloud. A Tier IV data center provides numerous benefits for security and availability that lesser data centers just don’t offer.
Tier IV data centers are designed to take the rigors of a Category 4 hurricane and keep going. Can your cloud service provider’s data center claim the same?
2: Is Data on Your Cloud Encrypted?
Your cloud service provider should inform you if they offer data encryption. Data encryption is a basic, but vital, means of keeping the personal information stored in your cloud environment safe in case of a breach.
If your cloud service provider doesn’t have an encryption solution, you should seek one for your data ASAP.
3: What is Your Disaster Recovery/Business Continuity Plan?
Modern businesses need access to their mission-critical data at a moment’s notice. In the event of a disaster, what are your recovery time objectives (RTOs) and recovery point objectives (RPOs) with your cloud service provider? Do you have a disaster recovery solution with your provider?
Working with your cloud provider to sort out your RTOs and RPOs is critical for ensuring your own company’s ability to meet its SLAs if a disaster takes down your primary cloud environment.
With any cloud service provider, the faster your RTO and the more up-to-date your RPO, the more expensive the business continuity service will be. Discussing your RTOs and RPOs with your cloud provider is an important part of your business continuity planning.
4: How Much of Your Data Security is Your Company Responsible for?
Most cloud providers will clearly outline which parts of your data security they’ll cover, and which are your responsibility. However, even the most secure cloud cannot protect against the careless handling of data.
Employees inside your organization need to be trained in the safe handling of data on the cloud. Teaching employees to recognize the difference between legitimate requests for data and phishing attempts designed to steal their user credentials is also important.
Your cloud provider should be able to outline what they’ll be able to protect, and what you need to do to maintain the safety of your company’s sensitive data.
If your provider cannot answer basic questions about who’s responsible for what on your cloud, it might be time to find a new partner for secure cloud service.