Are you sure your data is secure in the cloud? Here is a checklist you can use.
- Does your cloud backup service provider have access to your data? If you have answered in the affirmative, you are in trouble. Your service provider must not have access to your data. The service provider must specifically guarantee that physical and electronic access to the data center is restricted to authorized personnel only.
- Evaluate the authentication and authorization protocols that come with the cloud backup software. Multi-factor authentication makes for greater security. However, if the software provides an effective user management system that can be managed according to your organization's policies, and administrative access is doubly secured against unauthorized access, you have a fairly robust system in place. You may also need to train your users to understand the importance of data security and to ensure that they do not share their passwords and user IDs with unauthorized personnel. The user IDs and passwords of employees who have left the organization must be removed immediately, so that disgruntled employees cannot compromise information or disclose or download customers' private information to the detriment of your organization.
- Verify the strength of the cryptographic algorithms provided by your cloud backup service. Most cloud backup services use Blowfish, Triple DES or AES 256 cryptographic algorithms to safeguard enterprise information against unauthorized access. A few cloud service providers have submitted their algorithms to third-party certification authorities for testing and verification. FIPS 140-2 certified algorithms are considered robust and well tested. Moreover, the encryption key should be user-defined and secured by the user, so that it is unavailable to third parties, or even to the cloud backup service provider. Furthermore, users must ensure that the cloud backup service encrypts the data at source and keeps it encrypted in flight and at rest in the data store.
- Check whether your cloud backup service has a disaster recovery and backup plan. Most cloud backup services create hot sites and disaster recovery sites to ensure that customer data is not lost to natural or man-made calamities. Data is mirrored and replicated from the primary data center to the secondary data centers, either continuously or on a pre-defined schedule. The secondary data servers are configured to take over seamlessly from the primary server in the event of an outage.
- Finally, check whether the cloud backup service allows you to define alerts and log events, so that you can act immediately at your end in the event of a data breach.
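
The authentication item above asks for two things that can be checked mechanically: accounts of departed employees are removed, and administrative access has a second layer of protection. The following is an added example, not part of the original checklist or any vendor's tooling. It assumes a hypothetical account export and HR leavers list with the column names shown, and it reads "doubly secured" as multi-factor authentication on admin accounts.

```python
import csv
import io
from datetime import date

# Constructed sample data. The column names are assumptions about what a
# backup console export and an HR leavers list might contain.
ACCOUNTS_CSV = """user_id,role,mfa_enabled
alice,admin,true
bob,user,false
carol,admin,false
Dave,user,true
erin,admin,false
"""
LEAVERS_CSV = """user_id,last_day
dave,2024-03-29
erin,2024-04-30
frank,2023-11-30
"""

DEPARTED = "account still present for departed employee"
ADMIN_NO_MFA = "admin without multi-factor authentication"


def audit_accounts(accounts_csv, leavers_csv, today):
    """Return sorted (user_id, issue) findings for the exported accounts."""
    # Map each leaver to their last working day; IDs are compared
    # case-insensitively because exports often differ in casing.
    leavers = {}
    for row in csv.DictReader(io.StringIO(leavers_csv)):
        leavers[row["user_id"].strip().lower()] = date.fromisoformat(row["last_day"])

    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user = row["user_id"].strip().lower()
        last_day = leavers.get(user)
        # An account is stale once the last working day has passed.
        if last_day is not None and last_day < today:
            findings.append((user, DEPARTED))
        is_admin = row["role"].strip().lower() == "admin"
        has_mfa = row["mfa_enabled"].strip().lower() == "true"
        if is_admin and not has_mfa:
            findings.append((user, ADMIN_NO_MFA))
    return sorted(findings)


if __name__ == "__main__":
    for user, issue in audit_accounts(ACCOUNTS_CSV, LEAVERS_CSV, date(2024, 4, 2)):
        print(f"{user}: {issue}")
```

Run on a schedule against fresh exports, a check like this turns the checklist item into a recurring control rather than a one-time review.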