They’ll Huff and They’ll Puff, but Can They Blow Your Data Center Down?
Choosing a cloud vendor
– Jamie Brenzel, CEO, KineticD, says:
The third little pig had the right idea when he built his wolf-proof home, but how secure is it from non-canine threats? Who is the best cloud vendor for you?
Companies of all sizes have been utilizing online backup as a preferred method of storing and protecting data, but the notion of government agencies being able to access corporate data has left many organizations rethinking the decision to move vital company assets to the Cloud. In spite of the turmoil, executives must remember that not all data centers are wolves in sheep’s clothing.
Like any other business decision, selecting a cloud backup provider involves key questions to consider in the research process. The reality is, backing up company data has become a necessity, and in terms of cost efficiency and ease of use, online backup is ultimately superior to traditional backup methods. Security protocols need to stay top-of-mind for any business, considering they are one of the most effective ways of protecting its important assets.
Straw and Stick Data Centers Need Not Apply
Contrary to popular belief, the Cloud is not actually a cloud. It is a collection of servers that are located in a physical location. When evaluating cloud vendors, look at the security of the physical location.
The data center needs to be built on a foundation that is multi-faceted, redundant, strong and flexible. In case its security is breached, the Cloud provider should have various safeguards in place to defend the entire system.
Here is a list of criteria to ask potential cloud providers:
- Data Center Security – You would want your bank to apply advanced technical measures to protect your assets. Securing corporate data should be no different. As a significant part of your overall contingency plan, look for secure, automated data transmission and storage services for data backup and recovery.
- Security Personnel – What does the 24/7/365 security look like around the premises? Are there personnel who patrol the surrounding area, and are other security procedures in place, such as optical turnstiles and door entry card access?
- Server Redundancy – Ask about server redundancy. Typically, storage servers need to be replicated in real time with a redundancy protocol, such as RAID 6 disk arrays.
- Third Party Validation – Ask to see the vendor’s certifications, such as SSAE16 and HIPAA; these ensure that a third party has audited the data center.
- Electrical – High-performing data centers should match the requirements of the equipment within the facility. Are the power and electrical sources fed from a local substation?
- Secure Access – Has the building been designed to the highest standard of security, reliability and connectivity?
- Back-up Generators – In case of an emergency what is the back-up power source?
Secure Data from the Inside As Well
The following is a list of best practices to consider before moving your corporate data into the Cloud.
Consider the following data security measures:
- Individual Password Protection – Having a strong password and making sure it stays secure is essential when protecting data. The following tips will help identify ways to keep it secret and keep it safe.
  - An individual password should be developed and maintained by each user so that a unique encryption key can ultimately be created.
  - Before being moved into the database, the password should be encrypted and locked, preventing even an administrator from being able to retrieve it.
  - After activating the account, users should be prompted to choose a password and set up a security question. If the password is forgotten or there are repeated attempts to log in with an incorrect password, the system should lock them out after multiple attempts. Only when the security question is answered correctly can the password be reset.
  - If the security question is answered incorrectly, the user should be blocked. If the user forgets both the password and the security question, the Cloud provider must assist the end-user in a manual identity verification process.
- End-to-End Verification – Whether working with a PC, Mac, server, laptop or tablet, files should be checked through a cyclic redundancy check (CRC) signature. Data should then be re-verified each time it is written to a disk. If verification fails, the data is recovered or retransmitted from the replica server.
- Secure Protocol – Hackers generally don’t invest any effort in breaching a proprietary protocol and tend to go after more susceptible protocols, including FTP, HTTP and WebDAV. Look for data centers that have implemented software that is specifically for internet backup.
- Firewalls – To maximize compatibility with home and corporate firewalls, the protocol used by the backup client provided by the Cloud vendor should be designed to look to a firewall just like the SSL protocol used in web browsers. In other words, if you are able to surf to the Cloud provider’s web site, you should be able to connect with its backup software.
- Corporate Remote Access Policy – VPNs and firewalls are used to control access to data from outside the organization, but these controls become a moot point when the data is stored off-site. Additionally, the same features that encourage users to back up and restore their laptop data while traveling could violate the company’s information policy. A proper cloud provider will include the ability to restrict data access to specific IP addresses, which can be defined by a corporate administrator. Once those definitions are in place, designated locations can be used to access data.
- Encryption – Probably one of the most important aspects of securing data is the algorithm used to encrypt data within the center. Many have chosen Advanced Encryption Standard (AES) to protect data within the confines of the data center, while others have incorporated 448-bit Blowfish encryption to protect corporate data because this secure “bank grade” encryption algorithm has never been cracked. Regardless, ask the provider about their encryption methods; don’t assume this is part of the backup and recovery model they offer.
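The account lifecycle described under Individual Password Protection above can be sketched as follows. This is an added example, not code from the article or from any provider. It assumes a lockout threshold of three attempts and uses scrypt as the one-way function standing in for "encrypted and locked"; the `Account` class and its method names are hypothetical.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumption: the article only says "multiple attempts"


def _store(secret: str) -> tuple:
    """Return (salt, scrypt output): one-way, so it cannot be reversed into the secret."""
    salt = os.urandom(16)
    return salt, hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1)


def _matches(secret: str, record: tuple) -> bool:
    salt, expected = record
    got = hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(got, expected)  # constant-time comparison


class Account:
    """Hypothetical account record: active -> locked -> blocked."""

    def __init__(self, password: str, answer: str):
        self.password = _store(password)
        self.answer = _store(answer.strip().lower())
        self.failures, self.state = 0, "active"

    def login(self, password: str) -> bool:
        if self.state != "active":
            return False  # locked or blocked accounts never reach the check
        if _matches(password, self.password):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.state = "locked"  # only the security question unlocks it
        return False

    def reset(self, answer: str, new_password: str) -> bool:
        if self.state == "blocked":
            return False  # provider must verify identity manually
        if not _matches(answer.strip().lower(), self.answer):
            self.state = "blocked"
            return False
        self.password = _store(new_password)
        self.failures, self.state = 0, "active"
        return True
```
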
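The End-to-End Verification item above describes a check on receipt, a re-check after every disk write, and recovery from the replica on failure. The sketch below is an added example, not the article's or any vendor's code; it assumes CRC-32 as the signature, and `store_block` and `fetch_replica` are hypothetical names.

```python
import os
import tempfile
import zlib


def crc32_of(data: bytes) -> int:
    """CRC-32 signature, as the backup client would compute it before upload."""
    return zlib.crc32(data) & 0xFFFFFFFF


def write_verified(path: str, data: bytes, expected_crc: int) -> bool:
    """Write data, force it to disk, then read it back and re-check the CRC."""
    with open(path, "wb") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())
    with open(path, "rb") as fh:
        return crc32_of(fh.read()) == expected_crc


def store_block(path, received, expected_crc, fetch_replica):
    """Store one block; return 'primary' or 'replica' for the copy that passed.

    fetch_replica is a hypothetical callable returning the replica server's bytes.
    """
    if crc32_of(received) == expected_crc and write_verified(path, received, expected_crc):
        return "primary"
    # Transfer or write failed verification: recover from the replica.
    if write_verified(path, fetch_replica(), expected_crc):
        return "replica"
    raise IOError("no copy matches the client's CRC; ask the client to retransmit")


def demo():
    original = b"constructed sample: contents of one backed-up file block"
    crc = crc32_of(original)
    damaged = bytearray(original)
    damaged[5] ^= 0x01  # a single flipped bit in transit
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "block.bin")
        clean = store_block(path, original, crc, lambda: original)
        healed = store_block(path, bytes(damaged), crc, lambda: original)
        with open(path, "rb") as fh:
            intact = fh.read() == original
    return clean, healed, intact


if __name__ == "__main__":
    print(demo())
```

A CRC detects accidental corruption only: anyone able to alter the data can recompute a matching CRC, so tamper detection needs a keyed MAC or a digital signature in addition.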
Even though the debate surrounding the security in the Cloud rages on, the fact is that the best defense for SMBs is to arm themselves with the knowledge they need to make good decisions about protecting their data.
About the Author
Jamie brings over 15 years of experience in investment banking and entrepreneurial startups to his role as CEO of KineticD. He holds an Honours Bachelor of Arts degree in Politics and Philosophy from the University of Western Ontario.