News flash – unless your data is stored under your bed in a safe that’s nuclear blast-proof, your data isn’t 100% safe. It seems like every day brings another horror story regarding a breach of data security. Target has struggled mightily since theirs, as recently chronicled by CNN/Money Magazine. UPS Stores just reported that many of their stores were hacked and “customer names, postal addresses, email addresses and payment card information were compromised”. On top of this, a staggering 90% of health care organizations have exposed patient data or had it stolen. So the cloud isn’t safe, right? This is the cloud’s fault! Gather your pitchforks and storm the cloud’s gates! Not so fast.
When you look under the hood of these data breaches, you’ll often times find compromised internal devices that spread malware to other devices. In essence, most of these security issues happened after the perimeter was breached. Inadequate internal controls allowed the security issues to spread to multiple devices. So why does this even matter to you? Mr. Business Owner, do you know what IDPS (Intrusion Detection and Prevention Systems) is? It means that you have firewalls… and alerts to security breaches, protocols, systems, and procedures in place when breaches actually happen. Do you have this in place? Let’s back up and talk about the cloud for a second.
The simplest explanation for the public cloud is the storage and execution of data and programs in a data center that you don’t own. Examples of this are Centurylink Technology Solutions (www.centurylinktechnology.com), US Signal (https://ussignal.com/), RapidScale (www.rapidscale.net), and Navisite (www.navisite.com). You can upload your data to the cloud for virtually infinite scalability and accessibility. You know what they also specialize in? Data security. Imagine your data being inside a circular building (in this case, Centurylink’s cloud) with brick walls. If and when the initial wall is breached, the attacker finds himself with having to breach another secure wall. If and when the attacker is successful in breaching that wall, they find 5 more walls.
Why do we bring this up? We bring this up because we have so many clients that believe that their data that is being stored at their own physical location protected by a single firewall is somehow safer than storing this within the confines of a reputable cloud provider’s data center. Somehow, the proximity of the data and servers to their front door provides a sense of ownership and safety. We have news for those customers – once you connect your information to the WWW (World Wide Web or wild wild west), that proximity doesn’t matter anymore. What does matter? Having experts that understand cyber security and how to quickly react to the constant evolution of attacks from viruses, hackers, phishers, etc.
So what do we typically recommend? We won’t go so far as to claim that one size fits all. What we will tell you is that storing your information in a reputable cloud is typically more secure than DIYing it. They simply have more layers of security, more professionals on staff to handle security matters, and specialize in the protection of data. To replicate this skill set internally can be very cost prohibitive.
Lastly, don’t be so naive to think that the cyber-attacks of today and tomorrow only happen to the big Fortune companies. They happen on Main Street too. They’ll start happening with more frequency as the attackers weigh the risk/reward ratio that makes holding up the local liquor store look downright foolish.
Have a plan, have a cloud strategy, and if you don’t, talk to someone who might be able to help.