"The Cloud" is a wonderful concept. You buy technology services as needed and they promise essentially zero downtime. Unfortunately, you have to be a lot more vigilant about keeping track of your data. In the old days, with a server, your company data was in that box in the other room. You might need to hire someone to make it useful, but at least you knew where it was: In that box in the other room.
The good news about cloud services is very good.Your data can be far more secure than on your own server. And if you get the right service, it can have zero downtime. The bad news about cloud services is that you need to make sure you've got the right setup. You cannot assume it's safe, secure, or even backed up.
Let's look at the basic challenges and what you need to know.
1. Where is your data? This question has two components. First, where is your data supposed to be? And second, where is it that it's not supposed to be?
If you have your data stored in the cloud, keeping track of it is simple - but you have to do it! At some point, this knowledge becomes a "black box" of information. You might not understand it if I tell you that you are accessing data on Amazon Web Services via Jungledisk and backed up to a storage archive on Azure. But you should have a document that describes this setup - with administrative information, user names, and passwords.
This document should be prepared by you technology consultant and stored in a very safe place. If your data is in the cloud and you don't have the information to retrieve it if something happens to you I.T. professional, your business could be in very deep trouble.
The second concern is equally important: Are you sure your data isn't being spread all over the place? I see too many businesses that let employees email company information to their home email, or put a bunch of it up on a "free" DropBox account.
In addition to DropBox, there are hundreds (maybe thousands) of sites that will give you free storage space. Generally speaking, if these sites are free, they are insecure and make no promises to keep your data safe. They certainly don't back it up.
This is a problem because you might have employees and contractors using ten different free accounts, plus non-company email, etc. Lots of your secure information could be spread across several insecure sites. And while secure cloud services are more secure than your personal server, insecure cloud sites are extremely insecure.
Controlling this data flow can be accomplished (to some degree) by blocking these services with your firewall. Some can be stopped by attaching additional security to individual files. But for the most part, you will be most effective in stopping this leakage by creating a written policy and educating your employees.
2. How are your data backed up?
Strangely enough, most people assume that everything in the Cloud is redundant and backed up. This is absolutely not true. If you want your email backed up, you need to make arrangements for that. If you want your files backed up, you need to make arrangements for that. If you want a "disaster recovery" option that gets you back in business super fast, you need to make arrangements for that.
It is extremely rare for these backup services to be ON by default. Why? That's easy: It costs money to provide these services. Therefore, it costs you extra money to have the services.
You may decide you don't want a backup. Or there may be a variety of backup options at different price points. But you should ASK and you should decide on what you want. As with the storage services themselves, your I.T. Pro should provide you with documentation, including user names and passwords.
You may not know how to access a backup, restore lost email, or rebuild your storage. But a competent I.T. person will be able to do all those things -- IF they know where the backup is and have credentials to get in.
You Have to Play A Role
I always find it odd when I hear a business owner tell me that they lost control of their domain name and are not sure what to do. If you lost control of your domain name, that really means you never had control. Your domain name was not being "managed" by you or anyone else. And then it expired and it's just gone.
We are entering an era in which I expect to hear similar stories about companies losing all their data - Not because of a disaster, but because no one wrote down where it was or how it was managed. The data will live in the cloud forever after you forget where it is. But you'll never be able to access it.
As with so many things in technology, security ultimately comes down to good documentation. Your I.T. Professional should help you with this and give you a high level of confidence that your data is safe . . . and you can get it back if you need it.
Action Steps:
1. Ask your I.T. Professional to create a description of where your data are located, including all information needed to back it up and gain access to it. You don't personally have to understand all of this, but it should be in a form that other I.T Pros will understand.
2. Create a written policy for your employees and contractors that defines where your data should be and should not be stored. In most cases, you will want to explicitly prohibit the use of free services and personal storage areas on the Internet.
:-)
The good news about cloud services is very good.Your data can be far more secure than on your own server. And if you get the right service, it can have zero downtime. The bad news about cloud services is that you need to make sure you've got the right setup. You cannot assume it's safe, secure, or even backed up.
Let's look at the basic challenges and what you need to know.
1. Where is your data? This question has two components. First, where is your data supposed to be? And second, where is it that it's not supposed to be?
If you have your data stored in the cloud, keeping track of it is simple - but you have to do it! At some point, this knowledge becomes a "black box" of information. You might not understand it if I tell you that you are accessing data on Amazon Web Services via Jungledisk and backed up to a storage archive on Azure. But you should have a document that describes this setup - with administrative information, user names, and passwords.
This document should be prepared by you technology consultant and stored in a very safe place. If your data is in the cloud and you don't have the information to retrieve it if something happens to you I.T. professional, your business could be in very deep trouble.
The second concern is equally important: Are you sure your data isn't being spread all over the place? I see too many businesses that let employees email company information to their home email, or put a bunch of it up on a "free" DropBox account.
In addition to DropBox, there are hundreds (maybe thousands) of sites that will give you free storage space. Generally speaking, if these sites are free, they are insecure and make no promises to keep your data safe. They certainly don't back it up.
This is a problem because you might have employees and contractors using ten different free accounts, plus non-company email, etc. Lots of your secure information could be spread across several insecure sites. And while secure cloud services are more secure than your personal server, insecure cloud sites are extremely insecure.
Controlling this data flow can be accomplished (to some degree) by blocking these services with your firewall. Some can be stopped by attaching additional security to individual files. But for the most part, you will be most effective in stopping this leakage by creating a written policy and educating your employees.
2. How are your data backed up?
Strangely enough, most people assume that everything in the Cloud is redundant and backed up. This is absolutely not true. If you want your email backed up, you need to make arrangements for that. If you want your files backed up, you need to make arrangements for that. If you want a "disaster recovery" option that gets you back in business super fast, you need to make arrangements for that.
It is extremely rare for these backup services to be ON by default. Why? That's easy: It costs money to provide these services. Therefore, it costs you extra money to have the services.
You may decide you don't want a backup. Or there may be a variety of backup options at different price points. But you should ASK and you should decide on what you want. As with the storage services themselves, your I.T. Pro should provide you with documentation, including user names and passwords.
You may not know how to access a backup, restore lost email, or rebuild your storage. But a competent I.T. person will be able to do all those things -- IF they know where the backup is and have credentials to get in.
You Have to Play A Role
I always find it odd when I hear a business owner tell me that they lost control of their domain name and are not sure what to do. If you lost control of your domain name, that really means you never had control. Your domain name was not being "managed" by you or anyone else. And then it expired and it's just gone.
We are entering an era in which I expect to hear similar stories about companies losing all their data - Not because of a disaster, but because no one wrote down where it was or how it was managed. The data will live in the cloud forever after you forget where it is. But you'll never be able to access it.
As with so many things in technology, security ultimately comes down to good documentation. Your I.T. Professional should help you with this and give you a high level of confidence that your data is safe . . . and you can get it back if you need it.
Action Steps:
1. Ask your I.T. Professional to create a description of where your data are located, including all information needed to back it up and gain access to it. You don't personally have to understand all of this, but it should be in a form that other I.T Pros will understand.
2. Create a written policy for your employees and contractors that defines where your data should be and should not be stored. In most cases, you will want to explicitly prohibit the use of free services and personal storage areas on the Internet.
:-)
Truer words were never spoken. Much of the time and expense we charge new managed services clients is for us to plat detective and figure out where all the bodies are buried. So often the answer is "I don't know" or "Our old manager/web designer/IT guy" has that info. I've gotten pretty good at uncovering things, but w/ cloud services, the process is infintely more time consuming.
ReplyDelete