How secure is your data? Cloud data storage is becoming a massive industry in this country, and many businesses and other institutions are putting their data into the cloud. Some of this data is pretty harmless. Other stuff — like hospital records, banking information, or company payrolls — are prime targets for bad actors. Is the cloud storage trade off worth it?
The short answer is yes, but only if your IT guy is encrypting your sensitive data. Every cloud storage company you talk to will claim to take top-of-the-line security measures on behalf of your data. But that, in a nutshell, highlights the problem with cloud storage. Your data is entrusted to a third party for safekeeping. It’s possible that they’d do everything in their power to safeguard your information. But bad things, like ransomware, phishing, or just plain going out of business, do happen. And when they happen, it’s not the cloud storage company whose data is on the line; it’s yours.
Even if that doesn’t occur, let’s be honest. Most of the major cloud storage companies are based in the United States, the U.K., or France, where they could be subject to NSA snooping (or questionably legal surveillance from any other government entity). Despite the best efforts of many storage companies to prevent government intrusion, your data could still be at risk, even when it’s locked up tight.
Most cloud storage companies protect your data with their own encryption, but you’ll have to find out if they are able to access the data (since they may have the keys), or not. Further, your IT provider should be instituting some additional means of encryption whenever feasible. Laptops, for example, should always be encrypted if they are used by employees. An encrypted laptop protects your data, even if the laptop is stolen.
Additionally, your IT Provider (even with Cloud-based products) should still discuss redundancy and backups with you. Most Cloud storage companies, including Microsoft and Google, do have a regular backup of your data in place. However, we also recommend that you implement an additional layer of security and use a third-party backup product as well. Not only does this give you additional control, multiple protections against failure and outages, but it also allows you to access your data if the initial storage location has a service outage or failure.
Many people have a misconception that these criminals will just use a magic program to crack your encrypted files. Decryption does exist, but it requires a lot of time and processing power. It’s far more likely that hackers will target your email or other aspects of your system and try to find out the encryption codes that way. And never forget that people are the weakest part of your IT security. Educate employees so they aren’t vulnerable to phishing scams, downloading questionable software, and visiting the wrong websites.