Backing up your critical business data to the cloud is a big decision to make, and one of the main concerns companies have is the level of security they are getting with the provider they choose. And why wouldn’t it be? This is not a picture of your Aunt Millie someone could be falsely accessing. This is your financial data, your CRM system, your CEO’s files. No one but you should be accessing this data.
Moving to the cloud doesn’t have to be scary though. Knowing what to look for in a provider can help you choose the right cloud backup company and be comfortable with where your data lives.
Cloud Backup or Cloud Storage
The first thing you need to know is: Are you using a cloud backup provider or a cloud storage provider? Yes, these actually are two very different things, though the terms are used interchangeably. For more information on the differences, check out our blog post from March 21, entitled “Cloud Backup vs. Online Storage: What’s the difference?”
You’ll want to make sure that you have decided to work with a cloud backup company because their service offering is more comprehensive and driven towards backing up business data instead of personal data.
Security Features You Want
The second thing you should focus on is the security features offered. A pit bull isn’t going to protect your data from cybercrime, but encryption keys, audits, and high data center tiers will. It’s not enough to know that you need these things though, you need to understand what they mean and why they are important. For example, choosing a Tier 1 data center verses a Tier 4 data center can have implications on the service you receive. So while you may think that getting a rated data center is enough, you need to know why different levels matter to your backups.
Encryption and Encryption Keys
I probably don’t need to explain this to most people, but I do find the topic fascinating as everyone “knows” what it means and that they needed, but many couldn’t give an explanation if asked. Or, at least, I couldn’t.
What it means: Encryption is a processes of encoding data and information in a way that hackers cannot read it, however authorized parties can read it. The encryption key is used to specify transformation of plaintext data and information into cipher text, and visa versa during decryption. Basically the key specifies the number of repetitions of transformation used to encrypt the data.
What you want: When choosing a provider, you should be looking for 256-bit encryption. This means that the data and information will go through 14 cycle of reputation to transform into encrypted data. With critical business data, you want to make sure you are using this high level of encryption.
Data Center Tiers
What it means: Data center tiers are standardized methodology used to define the uptime of the data center. There are 4 tiers, 1 being the lowest rated and 4 being the highest rated. The methodology is based on the data center performance, investment, and ROI. Below are the 4 Tiers.
What you want: When dealing with critical business data, you want the highest rated tier, or tier 4. A data center with this rating will not only have the basic features, like redundant capacity features, but also incudes structural differences, like HVAC systems, chillers, etc. Also, a Tier 4 data center will have less down time than a Tier 1, 2, 3, making it the safer option for storing your data.
What it means: Most people know it as the SAS70 audit, but 2 years ago it was renamed to be the SOC2 Audit. A SOC2 audit is an audit run by a 3rd party auditor who performs testing on the service organizations controls to determine whether the controls performed during a specific time period were effective.
What you want: You’ll want to look for providers that are SOC2 Type II Audited. There are 2 types of the SOC2 audit, and the Type II audit reports on the description of providers systems and suitability of the operating effectiveness. Because it is performed by a 3rd party, you can rest assured that everything the vendor is claiming to do has been tested and reviewed and does in fact, work as advertised.
Are you sitting there thinking “This all sounds great, but I know no one can get the data off my tape/disk/array”? Not so. These other systems offer different security concerns that aren’t as easily fixed. For example:
Tape: These are mobile forms of backup and can easily be stolen or lost. Additionally, these are not guaranteed to be encrypted.
Disk/Array: Again, not always encrypted and anyone can easily gain access to the data.
Replication: Not really a backup method, but frequently used. Physical security at other locations is always a concern, as well as account names and password management, and connections between the 2 points are not encrypted.
Cloud Backup is more Secure
With technology advancements, cloud backup is actually safer than traditional methods, assuming you use a cloud backup provider and do your due diligence on the security precautions the service provider takes. The right company implements all the safeguards and regulations to ensure that your data is safe. When you use disk or tape or replication, the job of securing data falls on you. And you have a lot going on. Cloud backup vendors do just this, and therefore can assure that you data is safe much better.