Where is Your Data and Who Can See It?
We are all in the cloud. The concept of cloud computing and cloud storage has revolutionized the way businesses handle data storage and software distribution. We have helped many of our clients utilize cloud-based services, and these days, most of us are connected to this entity labeled as “the cloud” in one way or another. The question is, how can we tell if our data is safe?
Real Quick, What’s the Cloud Again?
It’s not a dumb question, because the term “the cloud” is used synonymously for essentially any data stored on the Internet. It’s a very broad term with a lot of loose ends. Technically, Twitter and Facebook are “the cloud” and your website host is also “the cloud.” Google Drive, Dropbox, and Microsoft 365? They would also fall into this category.
If you store data on the Internet in one way or another, you are essentially in the cloud. If you want to split hairs, you can even look at having an online bank account as being in the cloud, because your personal information is stored on the bank’s online servers.
If you send digital photos to get printed at Walmart, those photos are going to Walmart’s servers and stored in, you guessed it, their online cloud. When you attach a file to an email in Gmail, that file is stored on Google’s servers in the cloud. When you ask your Amazon Echo to remind you to wake up early next week to make it to your oil change, your voice is being transferred to the cloud, and your schedule gets processed and sent to your device.
New Hampshire businesses use the cloud for storing company data, sharing documents, or even using cloud-based apps like Office 365 to edit files from any device. Often, line of business applications will have cloud options too, so the software itself and all the data is stored offsite.
You Make It Sound Like Most of Our Data is Online… Is This Bad?
Well, depending on how you store your data, this might be the case. Whether or not it is a good thing or a bad thing depends on what your data is and where you are storing it.
Many businesses still have onsite servers where they store company data. This means the responsibility to keep those servers secure is on them. It’s no different than storing all of your vacation photos on your home computer - if something happens to your computer and the files aren’t backed up, you might be out of luck. This is why we all take precautions to secure our networks, install antivirus, set up firewalls and security devices for our businesses, backup data, etc.
The cloud is just someone else’s computer. If we store data in the cloud, we are entrusting someone else to protect it. There are pros and cons to this.
First of all, if someone is in the business of storing data online, ideally they are able to afford the best security to keep that data safe. This isn’t a guarantee, but chances are a massive company like Google or Microsoft has more capital to invest in protecting the data of their customers than a small business.
The problem is that not all cloud solutions are created equal, and they aren’t all investing the massive amounts of money needed to protect the data that they store. Plus, these solutions are bigger targets for hackers. A massive data breach at Microsoft would be a huge score for a group of hackers.
We’ve seen situations where these big cloud entities have been breached before in the past. Yahoo, Google+, Dropbox, and Apple iCloud, have all experienced different levels of security breaches, and major cybersecurity attacks happen all the time.
So Should I Pull My Business Out of the Cloud? What Should I Do?
That might feel like the best answer, but it really comes down to what you are storing and how you handle the data. Here are a few tips that will help you understand the risks and protect yourself moving forward.
Encrypt Your Data BEFORE Uploading it to the Cloud
Many cloud solutions talk about data encryption. Most public-cloud solutions, for example, say that they use 256-bit encryption. (256-bit encryption is extremely hard to crack - it’s theorized that it would take fifty supercomputers a million trillion years to crack this type of encryption). That all sounds great, right? Unfortunately, in some cases your data is only encrypted while it’s being transferred. Once the data is stored, it’s no longer encrypted.
This means, theoretically, employees at that company can potentially access your data. It also means if that company is breached, the hackers could too. If your data were encrypted and stored in an encrypted state, it doesn’t matter who accesses your data, they won’t be able to read it without being able to unlock it first.
Never Use the Same Password Twice, and Always Use Secure Passwords
This applies to anything you do online. If your passwords are different across every single online account, one data breach will hopefully not lead to more.
Understand Your Industry Compliance Regulations
Many data privacy laws and industry compliances revolve around the storage and transfer of your customer data. For example, anybody who deals with medical records needs to understand HIPAA compliance. You simply can’t transfer or store data through a third-party solution that doesn’t also strictly comply with (or exceed) your industry regulations.
Just Be Careful
Cloud storage is a huge, rapidly growing industry. It’s massively profitable and has a fairly low entry point. Plenty of up and coming services offer low-cost data storage, but they might not be doing much to protect your data.
When in doubt, the experts at White Mountain IT Services can help. Give us a call at 603-889-0800 to talk about how to safely store and transfer files, meet industry compliance regulations, and have a healthier IT infrastructure overall.