When it comes to choosing a managed cloud storage provider, there is no shortage of options. However, it pays to do your research and ask specific questions regarding security, compliance, availability and service. Following are five key criteria to use when selecting a managed cloud storage provider.
Determine what data to store in the cloud
Clouds come in different varieties such as public, private and hybrid. The type of data you want to store in the cloud often determines what cloud environment to use. For example, if you looking for a backup solution for seldom-used, non-confidential data, a public cloud may be an option. If you want a primary data storage source for your organization’s customer data, you may wish to consider a private cloud solution.
Keep in mind that the type of cloud environment your business needs could change over time. Engaging with a managed cloud storage provider that offers a variety of cloud environments can save you the hassle of moving your data from one provider to another.
Scrutinize your managed cloud storage provider’s security measures
Take the time to fully understand your potential managed cloud storage provider’s security measures. Start by asking about their physical security measures including:
- Do they have a security monitoring and response team onsite 24 x 7 x 365?
- Do they require multi-factor authentication for access into the data center?
- What intrusion detection systems do they have in place?
Encryption is the primary security mechanism managed cloud storage providers use to protect data in the cloud. Stolen, unencrypted data is also the primary reason behind headline-grabbing data breaches experienced by companies such as Anthem and Target. So when evaluating managed cloud storage providers, ask the provider where and when data is encrypted. At the very least, your data should be encrypted at rest (i.e., in its final location, such as the data center). Some providers, including HOSTING, also encrypt data in transit, or while it’s being transmitted to the cloud. Be sure to maintain possession of the decryption keys so that you have control over who can see your data.
Ask about compliant cloud solutions
If your organization is responsible for safeguarding customers’ credit card information or protected health information, it’s essential to engage with a managed cloud storage provider who offers cloud solutions that are compliant against HIPAA, PCI and SOX regulations. Look for a managed cloud storage provider with proven experience working with auditors and meeting the same regulatory requirements as you. A compliant cloud provider such as HOSTING has a dedicated team of compliance experts, led by an in-house Chief Information Security Officer. They regularly advise clients on regulatory issues pertaining to HIPAA and PCI, and often support clients during their audits.
Understand your managed cloud storage provider’s availability
As we discussed in our recent blog post, 3 Security Questions to Ask Your Cloud Provider, organizations need – and expect – their business-critical data to be available at all times. However, availability can vary from one cloud storage provider to another. Your availability requirements should be dictated by the type of data you plan to store in cloud and how it is used. For example, if your organization stores, accesses and manages protected health information, HIPAA compliance regulations require that it is accessible to authorized personnel at all times. Availability is also critical if you’re using cloud storage as your primary backup. You can increase availability by choosing a cloud provider such as HOSTING that provides redundancy. Regardless of which option you choose, make sure you know how to connect to the redundant copies when a failure occurs.
Pay attention to service level agreements (SLAs)
Carefully review a cloud provider’s SLA to understand how much downtime they view as being acceptable, and to what extent they are willing to commit its own financial resources to compensate for unexpected outages (which will happen). Remember, it’s up to you to ensure that suitable measures are in place to meet your security and regulatory requirements so confirm that the cloud provider has the technology, architecture and expertise to meet them. Pay particular attention to availability and downtime. Providers differ in how they measure downtime, so read the fine print to ensure it matches your specific business requirements. Our blog post, 4 Essential Questions to Ask When Comparing Public Cloud Service Agreements, will help you build your SLA criteria.
The cloud is crowded, with new providers jumping into the space every day. A pioneer in managed cloud services, HOSTING can help you understand your options and select the right managed cloud storage provider for your business. Contact us anytime to discuss your specific needs with a certified cloud professional.