The benefits of small businesses using cloud computing for storing personal, business, or sensitive data have been widely heralded. Unfortunately, the cloud isn’t always risk-free and some providers are better at ensuring security than others. It’s up to you to do the research to identify which provider will be the best fit for your business.
Before selecting a provider, make sure to find out the answers to these 10 questions.
Where are the cloud servers located?
Julie Knudson points out that one potential fear small businesses have with cloud computing is the lack of physicality. If you aren’t informed, it can sometimes feel like cloud providers just vaguely store the information “somewhere.” Perhaps subconsciously, business owners might equate being able to see where the information is kept to a sense of security. If this turns out to be an issue, resolve it by finding out more information on the physical components of the cloud. Knowing a little bit about the physical servers where your information is stored can be very valuable for peace of mind.
Who has access to stored information?
As far as security goes, the fewer people that can access your information, the fewer causes for concern. Before signing up with a cloud provider, take steps to find out exactly who will be able to access the information and why those people have been granted access. Not only will this help you feel confident in the provider, it will also help them find out how a breach occurred if one does.
What steps are taken to protect stored information?
In addition to knowing the number of people with potential access to the data, it is important to find out what security measures are being taken on the provider’s end. It is a good idea to learn as much about a provider’s security processes and polices as possible to ensure that your information is being protected. However, please note that just making sure the provider has safeguards is not enough. It is important that you also take steps to secure your information.
Have there been any breaches in the last few years?
One way to decide if a provider is as secure as they claim is to take a look at their track record. Just because they had problems in the past, does not mean those problems haven’t been corrected. And just because they haven’t had problems, does not mean they will not. But getting a sense of how secure they have been and how they fixed any issues, as part of the overall security picture, is a good way to pick a safe provider.
If a breach were to occur, how would we be notified?
Even with the best security, a data breach can occur. When researching a cloud provider, ask how notification would be given in the event of a breach.
- How will the provider make this breach known to its users? (Email, phone, social media, etc.)
- How timely will the notice be?
- How often will we receive communications until the issue is resolved?
You want to make sure that the provider you use will give notice in a timely and appropriate manner.
If a breach were to occur, what steps would be taken to correct it?
If a breach were to occur, the provider should be doing more than just notifying users; it should actively take steps to correct the breach. Things a provider should be doing might include:
- Figuring out why the breach occurred;
- Figuring out what information was breached;
- Notifying credit bureaus;
- When necessary, complying with law enforcement; and
- Taking steps to ensure that as little information as possible was taken.
State law has a lot to say about what a provider should do if personal information has been breached.
If a breach were to occur, what steps would be taken to ensure it does not happen again?
After a breach has occurred, it is vital that a provider take steps to ensure it does not happen again. While it is not possible to fully eliminate the threat of breaches, it is possible to reduce their chances. After a breach, the provider should look at many different things and act accordingly.
- What caused the breach? Was it a security fault on the provider’s part?
- When the breach occurred, did they find out about it promptly?
- Was notice handled correctly?
Once these, and other, questions have been answered, the provider should take steps to ensure better security in the future.
How does the provider ensure that deleted data is actually deleted?
Data that is deleted by the cloud user might still exist somewhere on the cloud. While it may not be able to be accessed by the user anymore, it could still be accessed by a hacker. As Knudson’s article points out, there are, however, technologies that eliminate all such instances of this information. While it might mean paying more for the service, if you and your business have highly sensitive information that needs protection, you must take the time to talk to the cloud provider about this technology.
What type of customer service is available? (e.g., real-time, email, etc.)
How is customer service handled?
- Is it easy to reach someone?
- Is there real-time communication available, such as through IM or video chats?
- Are there multiple options available to communicate?
What level of customer service is available?
One final thing that is important to learn is how good the customer service is. There are many ways to figure this out.
- How well/quickly/kindly did they answer the questions asked during the research process?
- What do other businesses that use the provider say? Are there any reviews?
When it comes to protecting data, you want to make sure you can get answers when they need them. This means that your provider needs to offer good customer service along with all their other services.
Picking a Cloud Provider
For help getting started with selecting a cloud-based voice and data provider, take a look at Allied Telecom.