Secure data storage, once little more than an afterthought, has become a critical business function. Gone are the days when a business owner could simply back up daily invoice data to a tape and store it in a drawer for safekeeping. Government regulations, rising on-demand data needs and breach fears are rapidly changing both how data drives business and, in turn, how data should be stored in the 21st century.
Despite the need for secure data protection and storage, challenges still exist for many small companies. A 2013 National Small Business Association survey found that 44% of the respondents had been victimized by a cyberattack. Furthermore, a 2014 Ponemon Institute study found the average cost of a data breach was $3.5 million. The effects of such an attack could be crippling to a small business.
Yet, handling cloud data storage in-house can be challenging for small businesses that do not have the staff or monetary resources to adequately handle such a task.
With this in mind, an increasing number of small companies are opting to use a cloud data storage service, which not only negates the need for expensive equipment purchases but also spares them from having to hire staff to manage the responsibility.
This trend toward outsourcing is growing; according to an SMB Cloud Insights report, small businesses are forecasted to spend $95 billion on cloud services by 2015.
However, before signing on with a cloud data storage service provider, it is critical to note that not all services are the same. Each enterprise must carefully weigh its options to ensure that it finds the best service and service provider for its specific business needs. Below are five top considerations to keep in mind when evaluating cloud data storage services.
Cloud data storage services come in all shapes, sizes and cost ranges. The best place to start when deciding on a service is to consider what requirements your specific business has. This can take a lot of planning and analysis. At a high level, some things to consider include:
- Am I bound by any regulatory authorities dictating my security requirements? If your business is part of the healthcare industry, laws such as HIPAA may play a part.
- Do I need quick access to archived data, such as old log information or historical pricing data, or is some latency in accessing that data tolerable?
- Does my business model restrict what options are available financially for data archiving? Cost is typically a factor in business decisions.
These questions can dictate specific criteria for evaluating providers.
Next, consider the following question: "Does my business care where its data lives?" Some cloud data storage providers have multiple data centers all over the world. Again, regulatory guidance plays a part here. In certain industries, like government, defense or retail, companies are required to have adequate oversight of their third-party service providers. If your business doesn't know if its data is stored in a data center in Indianapolis or India, that could lead to problems down the road.
Sometimes choosing the lowest-cost option is not the best way to go. Two examples come to mind: sushi and Lasik. Another should be cloud data storage. As with any growth industry, there are companies of various sizes that offer these services, and since they will be responsible for keeping your company's data secure as well as accessible, take the time to closely examine their operations. Find out if cloud data storage is their primary (or one of their primary) service offerings. If the company's primary line of business lies elsewhere, it might not be properly equipped to handle the cost, management and overall responsibility for data storage. In other words, consider this a red flag. Also find out how long the provider has been in the data storage business. Is it new to the job or is it a veteran player? The company's longevity could have a big part to play during evaluation, so make sure the provider's financials are solid and that it has a product/service roadmap that extends well into the future.
From a technical perspective, be sure to evaluate a provider's logical and physical security posture. It is critical to ask questions including: Is data encrypted while in motion and at rest? If so, what kind of encryption is used? Once the data leaves the company's environment, it is important to ensure that there are proper controls to maintain its integrity. What controls does the provider have in its physical environment? Does it have a tier 4 fully redundant data center or is it less robust? The approach the cloud data storage provider has taken to address these areas will go a long way toward deciding whether or not to keep it in contention for your business.
Outlining as many of your business's needs as possible beforehand will make evaluating the different cloud offerings much easier. Furthermore, many of these questions can be answered by consultation with the provider's security staff as well as through analysis of the attestation of its controls. Does it go through regular external security or privacy audits? Does it have a current SSAE 16 audit or ISO 27001 or PCI certification? These documents can be invaluable to your analysis.
Bottom line, being prepared before starting research on the right service is the best approach. Once these considerations are made, it will be much easier for small businesses to find the provider and service that will help them best secure cloud data storage in their business.
About the author:
Joseph Malec is a longtime security practitioner and a fellow with the Information Systems Security Association (ISSA).