So you’re going to put your data in the cloud at a trusted data center? That’s exciting news! You’re going to save money on internal server operators, physical equipment and more – not to mention that you’re going to free up all kinds of space at your office for pretty much whatever you need to put there.
That means everything is just super for your business now (superb, even). Oh, but what about security? Is all of your data going to be safe and sound when it’s floating around up there in the cloud? There’s a good chance that if you’re a business of any sort that at least a portion of your data is what you would consider “sensitive.” Maybe it’s personal or financial customer information. Maybe it’s trade secrets. Or maybe it’s just private internal data that nobody outside of your company has any business looking at.
It certainly can be kept safe, but don’t just assume that it will be. There’s an old saying that when you assume you make a certain unpleasant something out of you and me. So don’t do that. Instead, read on to find out how your data can and should be protected when it’s remotely stored in cloud servers.
What Happens to My Data When It’s in the Cloud?
The basics of how it all works are pretty darn simple, even if you’re not your company’s IT director or CIO. Data center providers know that everyone in your organization needs to be able to store and retrieve data from their servers, so they’ve made it easy enough for anyone to do so. When you get set up with the cloud, you’ll find a folder on your PC or Mac for it. Anything you drop into it will float up and away into the wonderful, magical, fluffy land of clouds. Ahem, rather, it will be safely and conveniently stored in a server in a remote data center ready to be accessed whenever you or anyone else who has access to the folder needs it.
Every single time a change is made and saved, it’s viewable by every individual whom you’ve chosen to award access to. That means no more waiting for someone to email you a copy of The Big Project with all of the latest updates that have been made to it – assuming they even remember to actually attach the file to the email before shutting down their system and running out the door at 5:00. Now it’s just there, ready and waiting for you and the rest of your team.
Of course, throwing all (or even just some) of your company’s data up onto someone else’s server and giving a bunch of people access to it means you’re going to want to be absolutely certain it’s kept as secure as it can be. If you’ve already chosen a cloud data center provider then hopefully you’ve already taken the time to look into their reputation and reviewed their security protocols. If you’re still trying to find the right host, though, then we’ve got some things for you to consider when it comes to security.
Dude, Where’s My Encryption?
Be absolutely certain that an encrypted connection is used when uploading or downloading any data whatsoever from the cloud. If this isn’t the case, you’ve got a problem; you’re basically asking third parties to steal your data. You know that giant ToS (terms of service) you would normally blindly agree to without reviewing? Yeah, well, don’t do that. You’re going to want to read your cloud host’s ToS before agreeing to put your data on their servers. If it doesn’t say your data is going to be encrypted, then you probably need to take your data to someone who will encrypt it.
Not all data is necessarily sensitive data, but even if some or all of yours isn’t, do you really want someone else to gain unauthorized access to it? Probably not. This is especially of concern if you’re storing personal ID data, medical records, financial info or the likes. There are laws requiring certain encryption levels for such data. If that applies to you, then familiarize yourself with them and be sure your cloud provider will be abiding by them.
The Password Is 1…2…3…4…5
Is your password simple to guess? Is it something that there may be clues to on your desk? Are you using the same password for every single app, computer, email account, etc. that requires a login? Have you been relying on the same password since the ’90s? Be honest, you’re probably guilty of at least one of those things. It’s bad enough if you’re making it easy for someone who has physical access to your workstation to break into your files and do pretty much whatever they want with them. But it’s arguably even worse if you’re making it easy for anyone on the internet to crack the code and gain access to your cloud data. All the encryption in the world isn’t going to help you any if someone can easily guess your password.
Any cloud service is going to require a password in order to gain access to files. Make sure it’s a good one – something long, unique and difficult to guess. Yes, it might be a pain in the neck to remember what it is, but doing so is going to be far less painful than explaining why someone with dubious intent was able to gain access to your data because they randomly guessed that your password was the name of your spouse or favorite sports team.
Whatever you end up going with, make sure it’s unique. Yes, this is also a huge pain, but it’s a necessary evil. Your cloud password should never be the same password you use for anything else. You’re going to regret it big time if, say, a hacker breaks Twitter’s encryption, steals your password and tests it out on anything and everything else to find that he or she now has access to your business’ cloud data because you used the same password for it as you do for everything else.
And once you’ve settled on your Fort Knox-ian password, you shouldn’t be giving it out to anyone. Yeah, you might be able to trust your best friend not to do anything insidious with it, but can you trust anyone else not to do the same if he happens to mention it around them without thinking? No, you can’t.
Finally, make sure that you change the thing when necessary. Chances are that most of your employees are not lifers. For various reasons that you’re surely familiar with as a business owner or department manager, staff members are going to come and go as the years pass. When they do, change the password. Never assume you can trust anyone.
If you’ve learned anything at this point, it should be that you can never be too cautious with your data. You never know who else is going to try and gain access to it, nor do you know what their intentions may be once they get it. Of course, there are plenty of other steps you can take to keep your data safe and sound. Stay tuned for our next blog post on safely storing data in the cloud.
Image Source: LinkedIn