Businesses of all sizes today want to participate in the exponential growth of cloud computing but as a small business how do you select a cloud service provider that best suits your own individual requirements?
While cost might be a top priority, security and continuity should always be paramount regardless if conducting business on-premise or in the cloud.
So, what security does your provider offer?
1. Be sure to get some type of transparency from the provider in terms of what security services they offer and how they implement it plus details on how they train their staff. They might not give you the full detail but unless they give you something, you’re only going off trust at that point. Take it for what you will.
2. Confirm what security and privacy standards the provider adheres to. We already have the mandatory data breach notification laws in place in Australia but later this month the European General Data Protection Regulation (GDPR) requirements take effect. If your company deals with a customer-base in the EU market, this is huge. Penalties can vary from four per cent of worldwide revenue or 20 million Euros, whichever is higher.
Cloud providers have servers spanning the globe. Storing data with them does not guarantee you’ll get the server closest to you and nowhere else, it may even be abroad in other countries. Albeit some providers offer different availability zones that allow data to be stored in a certain area; ask them about these options. A layered secured model can ensure that various aspects are covered in the event of an issue; all hardware and software is prone to undisclosed vulnerabilities.
3. Business continuity plans are vital to both your own company, as well as a cloud provider’s offered services. What is their plan to protect your continuity? For on-premise business continuity, having a failover is important to keep things moving forward in the event of a disaster.
Hot or cold backup sites are available on the market and if staying up is critical, then locking down a solid continuity plan should be a big focus. Have various backups of data in different places for accessibility should the main go-to location go down.
Should you utilise a cloud service provider, you would expect them to take care of that on their part. Ask them about their plan in the event of an outage at a site — how would that effect your company? What is an estimated time of recovery? Do they ensure backups of your data or does that fall on you? Even if the provider offers backups, professional recommendations are to have your own backups as well.
4. How secure are they? Regardless how big a cloud service provider might be, they are still targets of hackers who may try to penetrate their defences. When data is in transit between local devices and the cloud, user tokens come into play to prevent the need for continual login for updating and syncing data. Besieged by data breaches, denial-of-service attacks, and account hijacking, or falling prey to man-in-the-cloud attacks, know how they will ensure the flow of work runs smoothly.
Ultimately, proper planning and research will ensure that the provider of your choice offers the security required to protect your data and business, adheres to security and privacy standards set forth by various entities, ensures disasters won’t impede your business workflow, and that they are secure enough to do business with moving forward.
Mark Sinclair, ANZ Regional Director, WatchGuard Technologies