Q&A: Cloud computing security


David Blackman from AcronisCloud computing is an efficient, cost-effective way to run some of your business IT systems. But how do you keep your data safe when it’s stored offsite, on servers that you don’t own or even fully control?

More importantly, how do you keep your confidential information away from the prying eyes of modern hackers and avoid costly data breaches?

David Blackman, general manager, northern Europe, at disaster recovery specialists Acronis, explains.

What are the main security risks of cloud computing?

"The cloud offers a cost-effective alternative to traditional forms of business IT. However, businesses do have worries about security. Many are concerned about whether they can trust cloud services to keep their data private.”

“Companies are also concerned about how and where their data will be stored – particularly whether it will be held in a way that complies with laws like the Data Protection Act and forthcoming GDPR.”

“A survey we ran also found that 54% of companies are worried they wouldn’t be able to recover their data quickly enough in the event of a problem with their cloud computing provider. That’s a valid concern, particularly if you rely on that data to run your business.”

What security features should businesses look for in cloud computing?

“Choose service providers with experience and a track record in both the service they’re providing and cloud computing itself. Make sure you can trust the company providing the service, and ensure they are well established.”

“Check they have a strict service level agreement (SLA). This guarantees your business a certain level of service, and should entitle you to compensation in the event of any problems.”

“You will probably be entrusting some sensitive data - like business emails, customer information or your accounting figures - to your cloud computing provider."

"To make sure this data is stored safely, look for a government-approved level of encryption, such as Advanced Encryption Standard 256 (AES-256), the standard adopted by the US Government. This scrambles all your data so nobody can read it.”

“Make sure your cloud service encrypts all data with end-to-end encryption before it is transferred between your business computers and the cloud service. Check there’s traditional login and password protection too.”

Cloud computing involves storing data on someone else's server. How do you know they can be trusted?

“Because cloud service providers live or die by keeping their clients’ data safe, most have very strong security. In fact, the precautions taken by cloud services are often much stronger than the security precautions taken by businesses themselves.”

“Companies tend to be unsure about cloud security because they don’t understand how it works. Always ask your cloud provider to explain their security procedures thoroughly. If you have an IT supplier you can consult too, that’s even better.”

“It’s most important to look for a cloud computing service with a proven track record. Simply searching for the company’s name on Google may be enough to reveal any previous problems.”

Do we need to backup data which is stored in the cloud?

“Yes. You should always have two layers of protection: one on your own premises, and one in the cloud. Your cloud supplier should be able to explain how you can achieve this.”

“Keeping your own copy of the data somewhere means you’re as sure as you can be that it’s safe. It also means you can get up and running faster in the event of a problem – you won’t be entirely dependent on your cloud provider to keep working.”

Does it matter if the servers our data is stored on are in a different country to our business?

“The European Commission's Directive on Data Protection stipulates that servers handling information from UK small and medium businesses must be located in the EU.”

“Although there are more stringent regulations for certain industries, like banking and finance, most companies can stay compliant by keeping their data inside the EU - Brexit is unlikely to change this."

"However, many cloud services run from servers based in the US. If yours falls into this category, make sure the provider is on the US-EU Safe Harbour List. This guarantees they meet the regulations.”

“That aside, the physical location of the server shouldn’t be a concern for businesses, as long they pick a reliable and trusted cloud computing provider.”

What's a good way to try out cloud computing in a low-risk way?

"Cloud computing services are easy to set up. Because you don’t have to manage the physical infrastructure, many hassles are completely eliminated. Businesses should find it relatively easy to switch to cloud computing.”

“A good place to start is to use cloud computing to run your offsite backups. It’s a good, cost-effective alternative to disk-based backups.”

“Get advice from your IT supplier. They should be able to recommend a solution to meet your needs and provide support and advice.”

More on this topic: