
Can the cloud be trusted? Yes, but you still have to do your homework!
The public cloud represents a utility model of computing: you pay for what you use, scaling up or down as needed, without having to worry about back-end stuff like installing updates and keeping server racks cool.
But giving up the burdens of management also means giving up the comforts of control. How can you be sure your cloud provider has your best interests at heart? Will they take steps to ensure the safety of your data?
According to research from the Ponemon Institute, the majority of cloud providers (69 percent) believe security is primarily the responsibility of the cloud user. A mere 16 percent of cloud providers say security is a shared responsibility.
In other words, you’re right to be worried. But not too worried. Worry, in the correct dosage, is a good thing, because it leads to smarter decisions. In excess, it gets in the way of opportunity.
So don’t let security concerns paralyze you. The cloud is a wonderful thing, and if you’re scared of the above statistics, you shouldn’t be, because cloud providers are right: security is your responsibility, no one else’s. (So is finding quality vendors, many of whom are seeking a competitive advantage by offering comprehensive security to their clients. Hint, hint.)
As an aside, we predict most cloud vendors won’t be so blasé about security for very long. Once the adoption of cloud computing plateaus, a lot of small and mid-size businesses (SMBs) will be waiting for cloud providers to get serious about security.
The larger point we wish to make is that you can never assume security. When you choose a public or private cloud provider, you must research, trust (and then verify), or take steps on your own end to mitigate your risk. In an ideal scenario, you’ll do all of the above.
This makes finding a cloud computing vendor a lot like finding any other vendor when sensitive information is involved. For example, if you’re looking for payroll services, do you take steps to ensure the trustworthiness of the service provider who will be handling your employees’ personal information, including social security numbers and bank account numbers? Of course you do! The same kind of due diligence — no more, no less — is required when moving IT apps or parts of your infrastructure to the cloud.
Speaking of due diligence, here’s a list of suggested criteria when considering a cloud vendor:
Evaluating a prospective cloud provider
Key metrics for measuring overall trustworthiness:
- Years in business
- Datacenter locations
- Customer reviews (online, firsthand)
- SAS70 certification
- BBB accreditation/complaint history
- Customer service (accessibility, reliability)
- Secure Sockets Layer (SSL) protection?
- Privacy policy – Clear and fair?
- Terms of service – Clear and fair?
- Vertical-specific considerations: HIPAA, PCI DSS compliance
If you need assistance or have specific questions, we’re happy to work with you and evaluate the solutions that are right for your business needs. Also, we can help you explore available options (including hybrid-cloud solutions) that can keep your business going in the right direction. Contact us with any questions you may have!