Are you considering moving your business data to the cloud? You aren’t alone. Many of our clients have decided to move to cloud-based data storage for a variety of reasons. Cloud data storage can be more efficient and less expensive. Before you commit to a specific provider, consider the security strategy needs of your business data.
- Industry requirements: Ensure your cloud storage provider knows your industry well and can meet industry-specific security requirements. For example, in the financial industry, any data storage must be SSAE 16 compliant.
- Data encryption:Consider data encryption in transit and at rest. For protecting data in transit, data should be encrypted with a connection such as HTTPS, SSL, or FTPS. Data that arrives at the storage location is at rest and can either be encrypted as individual files or by securing the storage device itself.
- Data center security: Understand the identity and access control tools available with cloud data storage. Ensure that security groups can be configured to allow access to data based on authorization. Develop and enforce policies that are context, identity, and application-aware to ensure flexibility and scalability.
- Data storage location: If the cloud provider stores data in different geographic locations, you will be less exposed to local and regional outages. However, laws and regulations for secure data protection may differ from country to country and between industries. Using a provider with foreign data centers may expose you to violation of data privacy laws for your country or industry.
- Audit control: Ensure you’ll have access to events, logs, and audit trails that prove enforcement of the provider’s security controls. All necessary information should be logged and stored appropriately by the cloud service provider, including authentication, authorization, and management information.
- Data segregation: Data separation is an important issue for data stored in the cloud, particularly in a multi-tenant SaaS service, where a single instance serves multiple customers and data is co-mingled. Ensure that the provider has appropriate controls to ensure your data is isolated and cannot be accessed, accidentally or intentionally, by other users of the cloud service.
Analytix IT Solutions offers a full range of technology solutions from managed IT services to software engineering. To learn more about how we can help you with your technology needs, visit us at www.analytixit.com.
Back
