Of all the questions and concerns we hear on a daily basis from potential and existing customers, none eclipses Cloud security concerns. None. For companies and private consumers looking to make the jump to Cloud solutions, the largest concern which always comes across is the security of Cloud stored data and if a third party Cloud vendor can properly secure said data. But before we even get started, the one thing we have to mention is the threat of hacking. Yes, hacking happens. Yes, your Cloud provider can be hacked and yes, your servers will never be fully 100% safe from external intrusions. That being said, below is a quick guide to what you, the client, should look for in a Cloud provider when it comes to data security concerns.
Before you can even consider looking into a viable Cloud hosting solution, you need to first look internally at the type of data your company deals with. This especially applies to company who deal with ID specific data. ID specific data, or data which contains personal identification markings calls for a higher level of security than non ID specific data. For ID specific data companies (financial, healthcare, transactions via credit cards) there are going to be higher levels of legal specifications needed to store and house sensitive Cloud based data. A simple example of this is all healthcare data is governed under HIPAA or The Health Insurance Portability and Accountability Act of 1996. The act determines how sensitive healthcare data must be stored and protected to insure said data isn’t exposed. Similar laws and regulations exist for other types of sensitive ID specific data. With this, the first rule of looking into a Cloud provider is understanding and asking your provider if they follow the state by state mandated legal guidelines for the storage of ID specific data. The second necessity before joining a Cloud provider is understanding at all times where your data is being stored and what firewalls/guidelines your data is being protected by. It goes without saying, but as the client who is handing data access over to a third party, you should always – always – know where your critical business data is.
Know Your Cloud Provider
The next step in investing your company in a Cloud host is knowing the hosts infrastructure through and through. This means having a full understanding of the data center your Cloud provider operates out of. Does your web hosting company have their own data center facility which only they have access to or do they operate out of a large scale data center which houses many companies? The difference between the stated options aren’t to be looked over. Why?
- Own Data Center Means Self Regulation – A provider who owns and operates their own data center means that provider is the only team with full access to your servers. It means the IT management, security, cooling, racking, infrastructure needs/demands, power demands and access are strictly handled by a singular IT team.
- Third Party Data Center Providers Means Security Controls – Right off the bat, if your biggest concern is data security, why in the world would you want to utilize a Cloud solutions provider who operates out of a data center where the rent space? Why would you want to use a Cloud service provider who doesn’t have full control of the environment in which your servers, racks and cabinets are placed? It doesn’t make any sense.
- Power, Infrastructure and Cooling – An important aspect of any data center ecosystem is how the physical data center is physically set up. When entering into a Cloud hosting contract, it is a great idea to take a tour of the data center facility to see how your servers, racks and cabinets will be set up in conjunction with the rest of the web hosting equipment already deployed in the facility. By touring the facility you will gain a better understanding of hot and cold isles, power supplies and auxiliary power supplies, cable management and easily over looked details like a data center raised floor or cabinet doors which slide open/back to avoid isle blockage. For clients, these are all important aspects to understanding your deployed Cloud hosting data center environment.
Understanding Governance, Compliance and Cloud SLA’s
Outside of understanding the physical infrastructure of your Cloud providers data center, the other major aspect to protecting your sensitive business data in a Cloud environment is understanding the rules of governance within the Cloud security world. So first things first: the Cloud SLA.
- Cloud Service Level Agreement – The Cloud hosting SLA is a document which lays out the standards of operation and service your Cloud provider will supply you with. A great example of a SLA mainstay in the web hosting world is service downtime. Depending on the level of provider and what tier data center they operate out of (Data Center Tiers range from 1 – 4), a Cloud solutions provider will specifically state the length of downtime allowed during a given period of time; these times are normally spaced out by weeks, months and years. For example: if you choose to utilize a Tier 3 data center Cloud provider, your provider will guarantee you 99.982% uptime over the course of the year. If downtime eclipses the allotted percentage, the contract is broken and you are entitled to monetary compensation/credits per each overage of downtime. Downtime matters, just ask Amazon. From Buzzfeed:
- Cloud Providers Are Different – Understand, the rules and laws which govern Cloud providers vary and more over, the compliance with those rules and regulations vary. Before signing on the dotted line, as the client you have to understand, acknowledge and be happy with how your web hosting solution of choice complies with general Cloud governance regulations. If you aren’t satisfied – more importantly if your provider doesn’t meeet your data security compliance needs, don’t hire them.
“Amazon.com — along with its mobile counterpart — appears to be down as of around 2:55 p.m. EST. That means it’s a good time to do some analysis of how much Amazon’s sales activities are worth per every minute that the site has been down (and it appears it’s been down for about 10 minutes now). Amazon’s net sales in North America in 2012 were about $34.8 billion. And there are about 365 days in a year, breaking down to about 31.5 million seconds. Divide those two and you get a number of about $1,104 in net sales per second, on average.” – Matthew Lynley, (8/19/13)
Making the Choice
At the end of the day, the choice comes down to your understanding of how your Cloud provider of choice operates, the facility they operate out of and the Cloud compliance under which they conduct business. For the vast majority of data security concerns, high level Cloud service providers like Solar VPS have already tackled the basic issues which trip up newer providers and start ups. For clients, Cloud services like the Linux and Windows VPS solutions Solar VPS provides can dramatically decrease your monthly IT spend, dramatically increase your data security and your company productivity. Just make sure to investigate the provider (even if it’s us) before you invest your money and your vital company data in a Cloud provider.
What about you? How do you, as clients, feel about investing your critical business data with a Cloud provider? Does it scare you? Does data security not matter to you? Leave your thoughts below to let us know or tweet us.