Tag: Security

 

Business Security Insights: Is your business safe using cloud technology, cloud data?

Cloud Uploading (Database)

“Data is the new oil? No: Data is the new soil.” – David McCandless

SOIL DATA
Grow your livelihood on, food, house etc. Grow your business with
Protect from external damage, e.g. pestilence, pollution, wind etc. Virus Protection
Protect from Theft with fences and security Security, firewalls, good IT practices, backups

This analogy is really quite apt once considered.  Therefore knowing how safe cloud technology is it is vital you plan to use this technology for your business.  Most companies have or are already using cloud technology due directly to the lower costs that are associated with this technology.

The answer of safety relies on legal and trust aspects in its response and generally this relates to the dollars invested and the federal laws that apply to your cloud based location.

In this article, I will explore some of the areas of Safety that you have control of.

In House Server, Rent Infrastructure, or Rent Space and Infrastructure?

Recently I chatted with a corporate IT manager, and we discussed the pros and cons of exactly this option.  Due to a company mandate, this companies board has selected that this company may not “rent” space on another company’s server.  They feel the risk is too high. Instead they have opted to have their own server – in house.  This has led to all sorts of bottle necking, as they simply do not have the internet resources to service their own needs.

So what to do.  They either need to invest in massive infrastructure – which frankly is a waste of money, or they can rent the infrastructure and still have their own server.  There are many companies that offer this, one of which is a new SA based company called YourDC.  The advantage of such a solution is that this is a halfway step.  You control your own server. You own your own data. You manage your server.  You have access to your server and you decide who else will have access.  Totally in your control.  The only part you are renting is the infrastructure to house the server and supply the access e.g. internet access to and from your server.  For this corporate company, this is the right way to go, based on the board decisions.  This is not a cheap option, as maintaining and caring for a server, costs quite a lot of money.

In short the infrastructure for this cloud solution is like a countries infrastructure.  You still own your own land, and you pay rent to use the roads, sewerage etc.

Now, if you elect to have your data Hosted, this means, that you are renting not only the infrastructure, but also the physical space for your data to reside.  If this is your option, you really ought to read on about other safety considerations.

How to select a Safe Hosting Solution.

We are all still reeling from the events in Paris on the 7th of November. Obviously the terrorist had an impact, and the governments stand against terrorism, has a direct impact on stored data.  So if you wish to have control of your data, the government rights over your data must be considered.  My recommendation is that you should locate your data in the country that your business head office resides.  E.g. if you work in the USA, your data should reside in the USA.  If you work in Australia your data should reside in Australia.

This statement has a cost associated.  It is initially cheaper to have data reside in a 3rd world country, but what are the long term costs.   The question is – what is the cost to your data if it is not residing in your own country.

So what if you have an international company, e.g. you sell or work in more than one location.  There are still solutions for you.

There are quite a few hosting companies that offer multi location servers. E.g. Amazon and Rackspace.  You can actually have multiple servers based in different countries.

In fact this is just 2 of the main players in this arena, there are literally thousands of such companies. This leads us to the issue of how to choose a safe company to be with.

How to choose a Safe Hosting Company?

I have learnt from years of experience as a business manager, that generally the old proverbs are true.   “You get what you pay for”. This scenario was almost tailor made for this statement.  I have used many hosting companies.  Some are really cheap and some are really expensive.  But each offers different levels of data safety and protection.

To give you a specific example.  As a database developer, I often need administrator level access to work on databases for my clients. One internet hosting company, once they provided this to me, I had access to ALL their clients’ data, not just my clients. I could have copied, shared and deleted data from any company.  All this access was given to me freely.  By the way, this company was an Australian promoted and located company based in Victoria.

I have also had very economic companies that really gave great value and service for money.  Once such company is Azure. This discounted option, is discounted because it is limited to servicing ONLY MS SQL solutions.  So in fact Microsoft have discounted this service as part of a marketing or promotion solution to promote their own products.

For Accede’s development we mainly use Amazon, however we have also used Rackspace for quite a few clients.  The reason we do this, is because these companies offer the best flexibility, safety and reliability that we can viably afford.  So why do we say Safety so easily and what do I consider when I say the word Safety.  Accede also use Azure for its MS SQL datbase solutions.

Safety with the hosting company consists of:

  • Security for your data
  • Is their server reasonably well protected – how easy is it to hack?
  • Do they invest in the security of their servers
  • What do they have to lose if they are hacked and it becomes public information
  • How easy is it to communicate with their technicians if we see or find an issue.
  • What country holds the server
  • What partners etc. are they linked with that may have an impact.

Now, these are the points that I review when considering were to allow our valuable data to reside.  All this information is quite easily available in reviews, company website, and general blogs.

Finally Protection

Most hosted servers, have one or more levels of firewall protection. Most also have virus and malware protection.  However, is that enough and what other options are available?

This is where data encryption, security certificates, and the server settings are vital.

It is so easy to allow anyone access to your data – in fact it is easiest.  But the issue then is that the data is public-ally available.  So getting your host initial set up established correctly is vital. Plus this is something that should be periodically checked, as upgrades, changes etc. all can affect your setups.

My suggestion, is that this should be reviewed regularly and reported on as part of your disaster recovery checks. Microsoft recommend this be done done monthly or at least quarterly.  With that stated, I suggest that if you care for your data then don’t defer this any longer than twice a year.

Level of Desire/Competition will increase your risk.

Many years ago one of my clients – involved in Manure Sales, was being targeted and regular hack attempts where being made our of India.  Reverse checks, showed that a competitive business really wanted the data, and this meant that they were paying others to “get” the data for them.  We increased the security and the problem went away.

If your data is desired, then expect that you will have to invest more in time and money to protect your data.  Realize that even the highest invested companies have been hacked.  So there is nothing, cloud or local that cannot be hacked.  What you need to do, is make it so hard to hack, that is just not worth the effort.

So often friends have asked me if I can “hack” their data.  Generally these businesses have no real lock on their firewalls, their password is often Password, date of birth or 123, and they have not altered their password in months.  This is not what I would call hacking, I really call this looking.  For these people the shock I see when they realize that getting to all their data is easy.   What is often not understood, is that when you can’t get your data, it is corrupt, locked, forgotten passwords, etc.  It is companies like Accede that get your data for you.   So I suggest you have some good IT standards, checks and backups in place.  Remember your backups contain your data, so security of these also matters.

Is my business safe using cloud technology, cloud data?

That depends on:

  • How you set up your cloud service
  • Desired level of security
  • Checking
  • Caliber of companies you partner with
  • And the level of desire your data holds.

I hope this article has given you an insight and areas to consider.  Remember as a manager, you don’t have to know all the answers, but you have to know who to ask, and the right questions to ask.

If you have any questions or comments. I am happy to not only receive them, but I will respond to them also.

Facebooktwittergoogle_plusredditpinterestlinkedinmail