Making the Leap to the Cloud: Is My Data Private and Secure? (Part 2 of 4)

October 18, 2013

Law in the CloudIn Part One of this series we discussed the key benefits that cloud computing can offer for your organization. This next installment focuses on data security, and what you should look for when choosing a cloud computing data center.

Part Two: Is Cloud Computing Secure?

If done correctly, yes. In fact, cloud computing offers a level of physical and electronic security that an on-site server or a locked file cabinet can’t begin to approach.

Because they can operate with large economies of scale, data centers can be surprisingly affordable, offering even smaller agencies and departments a level of security far beyond what they could achieve on their own. But all data centers are not created equal, so it’s important to be sure that the one you choose can adequately protect your data.

The data center you choose should offer the following protection measures:

PHYSICAL SECURITY

  • Redundant power supplies – cloud computing data centers have backup power supplies to run servers in case of power outages. In most cases, backup power is provided by diesel generators that can come online instantaneously in the event of a power failure and power the data center for as long as necessary until electricity is restored.
  • Redundant Internet connections – cloud computing data centers have several Internet connections that run simultaneously. If one internet provider fails or is performing poorly, they are able to use other providers that have different Internet backbone services.
  • Redundant hardware – tier 4 data centers use multiple hard drives and other components, arranged in such a way that if one fails another can immediately and seamlessly take its place.
  • Fire and flood – the data at most data centers is replicated in multiple locations. In the case of a fire, flood, or other disaster, your applications and data can be easily accessed by another computer in another location.
  • Theft – data center servers are not easily accessible. Only authorized agents have access to them, and their identity is verified using biometric measures like fingerprints and retina scans. In addition, the entire data center is monitored by surveillance cameras at all times.

APPLICATION SECURITY

Application security covers the software side of the data center. It deals with online security issues like hackers and viruses. Application security measures include:

  • Firewalls – firewalls act as an electronic barrier between the data center and the Internet. They limit the execution of files and access to data to ensure that hackers and other unauthorized parties cannot access data.
  • Antivirus detection software – constantly updated, antivirus software detects and removes any viruses that penetrate the data center environment.
  • Data encryption software – this software encrypts data as it travels between your organization and the data center.
  • Administrative controls – data centers use administrative controls to govern access to applications and data. They limit access to certain functions and protect your files.
  • Security audits – cloud computing providers conduct regular third-party intrusion detection audits. This means they actually hire professional hackers to try to hack into their applications and provide audit reports with their findings. These audit reports highlight any security holes in the applications and infrastructure, which can then be dealt with by data center technicians.

Next week we will focus on your organization’s role in protecting your data, and how you can work with your cloud computing provider to ensure they are meeting your data privacy and security needs.