The characteristics of cloud computing can provide small businesses with many great benefits including an enterprise-grade level of data security that is oftentimes much greater than what many small businesses can otherwise afford. To truly capitalize on the benefits of increased data security, SMBs must be aware and knowledgeable of key security issues that are commonly overlooked but that should be addressed by a potential cloud vendor, and, while cloud computing for many businesses can be a method of disaster recovery, it is important that your cloud vendor provides your SMB with a support plan of their own.
Where is your data physically located? It is common to be misled by the ambiguity of the term ‘in the cloud’ and therefore neglect the realization that your data must actually reside in a physical location. The exact geographic location of your data is an important factor to consider not only because different localities have varying privacy and access laws regarding data that is stored within their boundaries but because of the potential threat of natural disasters. Your cloud vendor should verify the exact physical location of your data and consider all natural disasters likely to occur. Determine how they plan to manage your data in the event that a disaster were to occur, and maintain disaster recovery planning of your own; back-up corporate data using external hard drives and servers, or use a back-up cloud storage provider.
Who has access to your data and how much access do they have? Security breaches and the unauthorized access of your corporate data are two key issues to consider given that your data is now entrusted to off-site third party servers. This concern should easily be negated by a cloud vendor willing to disclose the access control policies that govern their employees, explicitly stating who has limited access to your data, under what circumstances, and how these individuals are managed and monitored. Additionally, guarantee that the data your employees are now accessing off-site uses a secure connection, requires strong data access authentication, and is encrypted when both transferred and stored. Again, determine what level of support and recovery your vendor is capable of providing in the event that a security breach or other disaster were to occur, and have a disaster recovery plan of your own.
What is the reputation and long-term viability of your potential cloud vendor? Select a cloud vendor that is established and credible. Lessen the risk of disaster by choosing a vendor that is not likely to have frequent service outages, suddenly go out of business, merge, or be acquired by another company. Consider a vendor viability assessment including financial analysis and look for poor viability indicators, such as the loss of major clients. Determine how your data will be managed in the event that your cloud vendor is not sustained. Reach out to your vendor for support, ask any unresolved questions and demand transparency.