Monday, November 04, 2013

Going to the cloud for storage

 Q & A - cloud storage

Q: We are looking very hard at the cloud as it would be very useful to our business particularly with free lance journalists and having more than the one office, but the MD does have reserves about the security aspect.

Many thanks

A: Make sure you look into the data protection requirements for the data you are storing and where it has to be stored.
Sometimes depending on the legal requirements of what you do means you have to store you data within the geographic area it is from (or the people it talks about are from).
I only mention this because if you go 'cloud' with some providers you can specifiy where the data is stored (EU, US, UK, London, etc), but you also have to understand that your data MIGHT be backed in other places as well.

Most decent cloud storage services will have at least 3 copies of your data on hand at any one time, one that you are using which is your closest and fastest datastore, the others will be on different servers probably in different server farms across the globe so if one dies they simply redirect you to the next nearest one until the broken one is replaced.
So if you have regulatory requirements for data storage make sure you check where you data is going to 'be'.
Also make sure that your cloud storage does keep active mirrored copies of your data and has an undo/previous versions option....

Just because it is in the cloud does not mean someone wont delete it

On the security front there are different kinds of security to investigate;
  • Access, who can view/edit/change/delete your data (you should have 100% control over this)
  • Hardware Encryption, how the physical data is stored on the 'disk' (you wont control this but make sure it is in place), this means people cant open the raw data blobs direct from the server even if they have 100% access to the disks
  • Software encryption/locking, users can add passwords to files for an added level of security, but remember that these passwords have to be managed (and not via post-it notes or in a group email for example)

No comments: