You really shouldn’t be worried about cloud security. Really.
The best people that host your data in the cloud – managed service providers – also have the best security technologies and policies. What kinds?
For starters, they deploy the most advanced firewall protection that scrutinize data “packets” and limit users from accessing both servers and certain types of data even after they’ve got access to a server. They have built-in alerts in case unauthorized users attempt to gain access to a system. They keep scrupulous logs of all activities and events with immediate notifications when something seems not right. They keep data encrypted at the highest levels so that even if a breach does occur the information is inaccessible. They do backups and ensure that everything is always up to date all the time. Why? Because it’s their job.
It’s also their job to make sure the facilities where your data is housed are state of the art. They pride themselves on building the best physical data centers around the servers with access allowed by fingerprinting or face recognition. In addition, some managed services firms allow their users to access data only by using physical encryption keys. All of this is done to ensure that your data is protected at the highest level possible.
But that’s not all.
While you’re out and about fixing roofs, landscaping corporate office parks, designing buildings, adding up numbers or caring for patients, your managed service provider is just…well…managing your data. You have your job and they have their job. You hire and train experienced people to do the work for your customers. They do the same for theirs. You’ll never be as good at network and data security as them. You’ll never be able to hire the high-priced, experienced engineers and professionals they use to manage their servers and if you do then I bet you’ve got better ways to spend your money.
Finally, you’ve got your business model and they’ve got theirs. If your processes don’t work, then you’ll be shipping bad products or providing unsatisfactory services. Your business won’t last too long that way. A managed service provider has the same responsibilities. Their entire business model is dependent on them doing what they say they’ll do, which is managing and delivering your data as fast and as securely as possible. If they fail to do that they, like you, would also be out of business.
All of that is true. But what is also true is that data breaches still happen. So does malicious software attacks like ransomware that encrypt data. In very rare occurrences this could be the fault of the managed service provider. But studies like this show that these events are more often caused by user errors. That’s you, me and our employees. So how do we protect ourselves?
For starters, we get training. If you have a good IT consultant that you work with, it’s worth it to shell out a few bucks and then bring them in every quarter to update you and your employees on the latest issues as well as teach how to identify potentially troublesome attachments or “phishing” sites. Also consider subscribing to services like KnowBe4 where you can surprise your employees with controlled, customized incidents that will test their awareness.
Next, have good internal security procedures. Protect your hardware. Insist on frequent password changes. Make sure you’re using two-factor-authentication to access your network and applications. Talk to your managed server provider about their backup procedures and consider subscribing to a redundant backup service like Carbonite or iDrive – these are not that expensive and besides, you can’t put a price on your data protection.
Finally, work with a reputable managed service provider. Get references. Read about them online. Visit their facilities. Interview their staff and understand their competencies. Get familiar with their infrastructure framework and ask if they’re HIPAA, PCI, or GDPR compliant (you can look these up). Finally, be upfront about costs and understand what you’re getting for the monthly fee and be very specific about what their responsibilities are. All of these matters, and others, should be included in your contract with them.
Sometimes I think that many people are wary of leaving their data in the cloud mainly because they’re ignorant. It’s understandable because it’s not what we do for a living. But once you do a little research and get some education you’ll realize that cloud security really is good. Really.