On a daily basis, thousands of companies store their business files with one of the many available cloud storage providers. In addition to the price, companies should pay particular attention to the security of the service. In order to check the security standards of any given cloud storage service, you should seek an answer to the following 7 questions:
1. Does the cloud provider store your data redundantly?
If the cloud provider stores your company files redundantly, you are better protected against data loss. Many low-priced providers will only store the data once.
2. Is the data stored in several geographically dispersed data centres?
You are additionally protected against data loss if your files are stored in several geographically dispersed data centres. Even if a provider stores the files redundantly, your business files are not optimally protected when they are all stored at the same location. Geographical distance between data centres simply offers superior protection against force majeure.
3. Where are the data centres located?
The chosen server locations tell you a lot about the privacy protection you can expect from a cloud provider. Generally, data is better protected in Europe as opposed to the US because the data privacy policies in Europe are stricter. You will generally reduce complexity if you choose a provider that operates within the same legal area as your business.
4. Who owns and maintains the data centres?
Many cloud providers are not in possession of their own server infrastructure. They rent this from large enterprises such as Amazon, then sell the storage space on to their customers. Knowing this, you should check whether third parties are involved in offering a cloud storage solution before signing with them. If a third-party provider is involved, thoroughly read through the general terms of business to understand their role.
5. How is the data encrypted?
Data can be encrypted in different ways in order to protect it against unwanted third-party access. Check whether the data is well protected while it is being uploaded from your computer to the remote servers and downloaded back again. Furthermore, make sure that the data is encrypted on the server side (when stored) in such a way that the employees of the cloud provider also cannot access your data (zero-knowledge architecture).
6. Does the cloud provider offer 2-factor authentication?
2-factor authentication can be regarded as a standard procedure when it comes to dealing with important files. With this method, you not only use your username and password to log in to a system but also need an additional step in order to identify yourself as someone with access authorisation.
7. Can you delegate user roles and access rights?
Systems with different user roles protect the company files better. Check whether a cloud provider offers the option to delegate different user roles and rights. Only with this functionality can you decide who is allowed to see, download and adapt important files.