Info SMBs Need from Their Cloud Storage Provider

Paul Mah
Slide Show

Ten Questions to Ask When Writing a Cloud Security Policy

Many SMBs have heard about cloud storage and want to sign up with a provider, but aren’t sure exactly what they need or what to ask. You will want to consider a few things prior to making that call.

How Is Encryption Implemented?

Many cloud providers cite the use of “128-bit SSL” or “256-bit SSL” when they talk about security. As I’ve pointed out in my blog, “A Lesson in Cloud Security for SMBs,” while SSL is considered robust, it pertains only to the data transfer aspect and has nothing to do with how it is stored when at rest.

Obviously, the best form of security is when data is inaccessible even to your cloud storage provider, which you can do by encrypting your data prior to uploading it.

Some providers, such as CipherCloud, offer data encryption where the customer retains the encryption keys. That way, the provider never has access to the data stored within their service.

Do They Provide Two-Step Verification?

Two of the favorite attack vectors by hackers would be phishing to steal credentials or using a malware discover credentials using keylogging software. Such attacks are successful because they rely on the use of a static password that is easily stolen.

Two-step verification or two-factor authentication changes this by requiring that a user key in a dynamic passcode. This code is typically generated via a channel that an online hacker cannot access. The passcode could be generated by an app on your tablet, or it could be sent to your smartphone in a text message.

Are Access Logs Kept?

Access logs are an important way for you to confirm who has accessed your stored data. By reviewing such logs, if you notice any strange logins, you could be alerted to the presence of a hacker. The vendor may supply access logs for your account, or you might receive a read-only list that shows the last 10 or so authenticated logins.

Will They Ship Your Backup Data in an Emergency?

While security is justifiably one of the most important topics that SMBs should be concerned about when it comes to their data, it’s definitely not all there is to it. As cloud storage vendors compete by offering an increasing amount of storage, businesses must also consider the amount of time it would take to restore all of their uploaded data.

This could amount to hundreds of gigabytes or even terabytes of data to restore should they be faced with a catastrophic incident that results in complete data loss. In scenarios where it is not feasible to perform data recovery over the Internet, the ability to have this data shipped back on a physical storage media could be critical, so be sure to inquire about this upfront.

Add Comment      Leave a comment on this blog post
Aug 28, 2013 12:42 PM Susan Bilder Susan Bilder  says:
One other thing to consider is to make sure that you’ve got the network bandwidth to accommodate an offsite storage solution. The overhead associated with encrypting and transmitting large, confidential datasets could overwhelm your network. If the vendor will ship backup data to you if you need to do a restore, you should check if you can ship the initial dataset to them rather than uploading it over the internet. After the initial load, incremental backups would consume significantly less bandwidth. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.