The best people that host your data in the cloud also have the best technology and security policies.
Why? Because it’s their job.
It’s also their job to make sure the facilities where your cloud data is housed are state of the art.
They pride themselves on building the best physical data centers around the servers with access allowed by fingerprinting or face recognition.
In addition, some cloud providers allow their users to access data only by using physical encryption keys. All of this is done to ensure that your data is protected at the highest level possible.
While you’re out and about fixing roofs, landscaping corporate office parks, designing buildings, adding up numbers or caring for patients, your cloud provider is just…well…managing your data. You have your job and they have their job.
You hire and train experienced people to do the work for your customers. They do the same for theirs. You’ll never be as good at network and data security as them. You’ll never be able to hire the high-priced, experienced engineers and professionals they use to manage their servers and if you do then I bet you’ve got better ways to spend your money.
Finally, you’ve got your business model and they’ve got theirs.
If your processes don’t work, then you’ll be shipping bad products or providing unsatisfactory services. Your business won’t last too long that way.
A cloud provider has the same responsibilities. Their entire business model is dependent on them doing what they say they’ll do, which is managing and delivering your cloud data securely and as fast as possible. If they fail to do that they, like you, would also be out of business.
All of that is true. But what is also true is that data breaches, or malicious software attacks like ransomware that encrypt data, can still happen. And studies like this show that these events are often caused by user error. That’s you, me and our employees.
For starters, we get training.
If you have a good IT consultant that you work with, it’s worth it to shell out a few bucks and then bring them in every quarter to update you and your employees on the latest issues as well as teach how to identify potentially troublesome attachments or “phishing” sites.
Also consider subscribing to services like KnowBe4 where you can surprise your employees with controlled, customized incidents that will test their awareness.
Next, have good internal security procedures.
Protect your hardware. Insist on frequent password changes. Make sure you’re using two-factor-authentication to access your network and applications.
Talk to your provider about their backup procedures and consider subscribing to a redundant backup service. After all, you can’t put a price on your data protection.
Finally, work with a reputable provider. Get references. Read about them online. Visit their facilities. Interview their staff and understand their competencies. Get familiar with their infrastructure framework and ask if they’re HIPAA, PCI, or GDPR compliant. Be upfront about costs and understand what is and is not included. Be very specific about cloud data security and what the provider is responsible for. All of these matters, and others, should be included in your contract with them.
Sometimes I think that many people are wary of leaving their data in the cloud mainly because they don’t know what the cloud is. Not knowing is understandable though, because it’s not what we do for a living.
But once you do a little research and get some education you’ll realize that cloud security really is good. Really.
Originally published July 8, 2019. Updated July 23, 2021.
Join our mailing list and get all of the latest news delivered straight to your inbox.