It seems like every other day you hear about another data breach. Most notable is the recent attack on Facebook, although there have been many more just as alarming. With cloud storage growing in popularity it begs the question: how secure is my data and what steps are being taken to protect it?
To ensure your company doesn’t become the next big headline, it’s a good idea to take an inventory of your current solution and determine if everything is being done to protect you and your customers’ data.
Here are some simple questions you should be asking to make sure you’re getting the protection you need.
What protections are in place?
The first step is understanding the difference between data security and data protection. While data security deals with keeping your information safe from hackers, data protection involves making sure you can recover from a system failure, security breach, or a natural disaster.
While both are important, it’s good idea to ask your cloud provider about what systems are in place to keep your data safe in the event of a cyberattack or unexpected downtime. As some providers are better equipped to handle one or the other, it makes sense to get a thorough understanding of exactly what it is you’re paying for.
What role does my organization play?
One of the key aspects of your cloud protection comes from within your organization. Without a strategy in place and adequate employee training on that strategy your data may be in danger. 95% of cloud security failures are the customer’s fault.
Developing a cloud strategy will give you the security you need to protect your data from within.
What kind of encryption is being used?
As you can probably imagine, encryption is complicated. In the simplest terms, data needs to be protected when it’s in transit, in use, and at rest. Transport Security Layer (TSL) encryption is the safest and most popular type of encryption. Adding encryption when data is first created created can add another layer of protection to keep your data safe.
Related: Data Encryption 101: A Helpful Guide
The Cloud Security Alliance recommends that data should be encrypted:
- With approved algorithms and long, random keys
- Prior to being sent to the provider
- Remain encrypted in transit, in use and at rest
Since the you’re ultimately responsible for the data, not the cloud provider, it’s a good idea to restrict their access to the decryption keys. If you’re not sure how to do that, contact a managed services provider for help.
Have there been any recent attacks?
This may seem like an obvious question but it’s a vital one that’s often overlooked. If the cloud provider you’re using has been targeted multiple times by attacks, there’s reason to worry. You will also want to find out what the scope of the breaches were and what steps have been taken to mitigate similar attacks in the future.
A data breach in the past shouldn’t disqualify a provider from earning your business. However, if the issue hasn’t been resolved or they’re currently dealing with the fallout of a breach, you will probably want to consider other options.
Final thoughts
While it’s a good idea to maintain a healthy degree of vigilance when it come to your cloud storage security, millions of users information are safely stored in the cloud every day. There are a lot safe and secure cloud storage options out there and by asking the right questions, you can find the best option for your business.