Some small business owners still remain wary of moving their data or computer power to the cloud. Security concerns abound, from the system hacks grabbing headlines to worries that the wrong employee might gain access to confidential company information. A few myths may also influence the comfort level small businesses have regarding cloud environments. We spoke with three experts to glean insight into the realities of cloud security.
Cloud Security Myths (and the Truths Behind Them)
Do you question how seriously cloud vendors take security? Lilac Schoenbeck, vice president of product management and marketing at cloud vendor Iland, frames the issue in real-world terms. "It's our business to protect and house the workloads of our customers," she explains. Whether it's securing data that's stored in the cloud or providing cloud-based applications in a secure way, Schoenbeck says that cloud vendors figuratively "live or die by the security of our infrastructure and our environment."
Security is the lifeblood of most cloud vendors, and they've had to wrestle with the dynamics of scalability, easy access, and data protection from day one. "We have experts who take care of security. [They're] in the business of securing data and making sure it is available," explains Raju Vegesna, chief evangelist at Zoho, which offers cloud-based applications.
"You're better off going with them rather than trying to do it yourself," says Vegesna. Unless your business focuses on cloud security, you're unlikely to have the resources in-house—the expertise, the funding, the infrastructure—to develop and deploy the sophisticated safeguards used by many of today's top cloud vendors.
Simple human nature plays a role in keeping some small businesses from moving to the cloud. Being able to lay eyes and hands on your in-house servers seems more real than whatever's happening out there in the cloud. The thinking, according to John Yung, founder and CEO of cloud platform provider Appcara, goes something like this: "I have a computer room and it's on the premises, so I feel a lot safer because I can see it and feel it. It's physical."
Moving things to the cloud has somehow been translated as a data free-for-all. "You never see it, you never touch it, you just login to it," Yung says. "And you feel that everybody else can do the same." That feeling of vulnerability, however, shouldn't be a deal breaker. Yung says that transitioning from a physical environment to a virtual one simply "takes some time for people to adjust."
Security Questions to Ask your Cloud Provider
As part of any company's cloud research, a discussion about each vendor's security posture should be at the top of the list. A small business operator may want to ask specific questions, starting with where the cloud servers are located and how they're protected.
"When the customer deletes the data, how can the vendor guarantee the data is actually erased?" Yung asks. "Most implementations remove the record that points to the data, but the data doesn't actually get deleted." That means if the system is breached, the data is actually still there for the taking.
"Technologies exist that, when you delete the data, actually remove the data from the system," Yung says. If your business's information is highly sensitive, inquire with potential vendors about these types of additional security measures. "Of course, the more protection and options that you want, the more you're going to pay," Yung warns.
Schoenbeck also encourages small business owners to find a cloud provider that supports their team's way of working. "Get on the phone with somebody, and talk through your questions and your concerns. Don't try to do this all by email or Web chat," she explains.
Some cloud vendors may offer only online help tools while others let customers call or even video chat when they need assistance. Schoenbeck says that real-time conversations make it easier to ask questions, and it ensures that potential customers are confident about what they're getting. If you want the option to discuss security issues with a live person, consider that as you're shopping for a cloud provider.
How Small Businesses Can Boost Cloud Security
Any security chain is only as strong as its weakest link. Small business owners must take steps to ensure that their employees are just as security-minded as the organization's chosen cloud provider. Insisting that workers use strong passwords is a good first step.
"If an administrator has a very weak password, that may provide access to pretty much every user's data," Vegesna explains. Consider, too, the potential need for additional security layers. "Maybe you enable two-factor authentication, so in addition to a username and password, you add an SMS text code," says Vegesna. "Placing secure services on top of the basic applications is very important."
Small Business Security Resources
Want even more info on how you can secure your small business? Check out these useful small business security resources.
- Department of Homeland Security
- IT security: University of California at Santa Cruz
- FCC: Cybersecurity for Small Business
Julie Knudson is a freelance writer whose articles have appeared in technology magazines including BizTech, Processor, and For The Record. She has covered technology issues for publications in other industries, from foodservice to insurance, and she also writes a recurring column in Integrated Systems Contractor magazine.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|