Three tips for choosing a cloud provider

Published: October 23, 2012 by Michael Bruemmer

To cloud or not to cloud? That is the question. And while there’s no questioning the convenience and benefits of cloud storage – you can access your data from multiple devices and save space on your own servers – there are questions regarding how secure cloud storage really is.

Given recent hacking incidents at bigger-than-big companies and popular cloud services, here are a few things you need to consider when using a cloud provider:

Look for robust authentication: If a cloud provider offers a one-step login, i.e. password-only security, that’s a red flag. If there’s just a single password standing between your sensitive data and hackers, how long until that password gets cracked? Or it could be accidentally or maliciously shared with the wrong person or written down on a piece of paper that’s later lost. The bottom line is, you need more than a password. Look for and use a cloud provider that has a robust login and authentication process. Yes, it takes longer every time you log in. But it also helps to keep hackers out. Be sure to change your passwords and other authentication data regularly. And remember that not everyone in your organization needs to know how to access the cloud.

Take your time: It’s good to be cautious when you’re talking data storage, especially when it’s an outsourced service. So take your time choosing a cloud provider. Ask questions about what security measures are in place and how they are maintained. A dependable cloud provider should be able to answer all of your questions quickly. That likely means they know their service well and have anticipated your concerns. If you’re getting the runaround or don’t feel confident with the answers you’re receiving, look elsewhere. There’s not just one cloud in the sky.

Sign on the dotted line: You’ve thoroughly vetted a cloud provider’s security and authentication measures and have determined you’ll actually have a higher level of security using the cloud than with internal, on-site storage. You’ve asked about risk management, documented policies, incident preparedness, encryption levels, employee training and all of your other concerns. You’ve conducted a thorough audit and you’re happy with what you’ve found. Then and only then enter into a service agreement with a cloud provider.

Just remember that any type of cyber security is never foolproof and new threats constantly emerge in the cyber world. So keep up with what’s going on at your cloud provider and keep access to the cloud restricted only to individuals in your organization who really need it. If one of those individuals leaves your organization, change all of your cloud passwords and authentication data at once.

The fewer people who have access to your sensitive data – both inside and outside your organization – the more secure it is.