Hackers Can Find Your Data. Can You?

When is the last time you took inventory of all the different systems your company and employees use to store sensitive business data? Do you know where all of your applications reside?

Is everything stored on physical servers within your office? Does some data reside on individual PCs and workstations (and are these backed up regularly)? What about mobile storage devices such as thumb drives? Does your company have a policy around where people can save private information?

Today, in order to avoid hackers finding and stealing sensitive data, many businesses are turning to cloud applications for primary application hosting and storage. Another viable option is using secondary data centers for backup and failover platforms.

Cloud solutions are hosted and managed in controlled data center environments that can provide you with peace of mind, knowing your data is secure. If your business is thinking about moving to a cloud solution and centralizing your data storage, here are some things to consider.

Creating a Data Policy

Today, a variety of free or low-cost hosting services are available for data storage. Many are designed for the consumer market and are not suited for business use. Such services can pose security risks to an organization. To combat this, it’s important to have a data security policy in place that all employees are aware of and follow, and under which they fully understand their obligations. It is important for your employees to know what the risks and implications are if a data breach were to occur.

A data security policy should be used to define approved methods to securely transfer or share data and define restricted methods to help stop the use of unsupported or unsafe services and applications. Policies should be very specific on what is acceptable and not acceptable for all employees. They should include information about email policies, mobile devices, social networking, and internet usage. These policies should be documented, communicated (multiple times), enforced, and periodically reviewed and updated.

Once your policy is in place, go beyond just emailing it to your employees. Set up meetings and/or training sessions to regularly educate them about the reality of data security, and their role in keeping information safe.

Understand Physical and Cybersecurity Controls

If your organization is considering moving to a cloud or hosted service for data storage, data backup, or application hosting, it’s important to understand the physical security controls and cybersecurity controls leveraged by the service provider.

Physical security controls: Is a badge required to get into the building? Or even better, a fingerprint? Are there multiple doors that you have to go through? Are there cameras?

Cybersecurity controls: Are there security services in place, such as anti-virus, firewall protection, network monitoring, and wireless security? Will your data be encrypted?

Along with understanding the different security measures, it’s also necessary to understand the provider’s Service Level Agreements (SLAs) for uptime and system availability. In addition, you should understand their policy around data breaches. How do they rectify such an incident? What does the contract say? Reading and understanding everything about what the provider is expected to do is important, and can help you determine whether or not it’s the right place for your business’s data.

What It Means to Be in the Cloud

Many virtual hosting platforms offer failover and redundancy options, so if a disaster strikes you can potentially be back up and running within minutes or hours, and without losing important transactions, data, or communications in the meantime.

Here are some important data center features to look for when considering offsite hosting options:

  • Controlled building access with 24/7 monitoring.
  • Redundant features, such as backup generators and multiple data connections.
  • Rack space configuration options, including power and PDU options.
  • Certification levels: standards for security, availability, processing integrity, and confidentiality/privacy.
  • Centralized monitoring, notification, and resolution.
  • Geographic location of the building and the structural design of the building.

While the above features are good to use as a guide for selecting a data center, you also need to have a level of trust and faith in the company that owns, manages, and operates the facility. Other best practices to follow include taking a tour of the data center, reviewing the contract terms and SLA documents, and seeking a few references.

Have you considered an offsite hosting environment?

Scott Hardee

Scott Hardee is a Business Solutions Manager at Aureon Technology. Scott's focused on figuring out what his clients' issues are and working together to overcome those hurdles to provide the right solutions. With a focus on healthcare, CPAs, nonprofits/charity, and general small to medium-sized business, he's always working to build long-term relationships to help make the ever-changing world of IT easier to handle for his team and his clients. Aureon Technology provides end-to-end IT and communications solutions and has locations throughout the Midwest, including Des Moines, Omaha, and Kansas City.

Published: March 1, 2017

Posted by: Scott Hardee
