Since cloud computing hit the commercial market, cloud service providers have exploded in popularity, with a huge variety of different services each tailored to its own unique variety of client. For clients, though, this presents a challenge: how to find the right provider? Out of all the numerous options, which one is best for your business?
Of course, in order to answer that question, you first need to know what needs a cloud provider will serve. In other words, what is your unique set of priorities in making the selection? For most people, the primary benefit of cloud computing is that it reduces costs, and so price will be a prime consideration in choosing a service provider.
Price, though, cannot be the only consideration. For some firms (those with a large quantity of data), size and efficiency are key. For others, the availability of customized service packages is important.
But the most important priority for any firm, and the one too often overlooked by smaller businesses, is security. Security in cloud computing is a serious matter, as cloud servers cannot be protected through traditional means (i.e. by maintaining direct control over the physical server). In order to choose a cloud provider effectively, managers and CIOs need to understand the security provisions of each provider – and this can be difficult, since so few people have a security background!
The problem is compounded by regulatory demands: if a firm is attacked through the cloud, it may be legally responsible for any damage or data loss that affects customers. For example, if customers’ credit cards are stolen from the cloud, the firm that stored them can be sued for enormous damages, unless adequate security measures were taken from the beginning. Failure to comply with these regulations places a firm at tremendous, and largely unnecessary, risk.
Fortunately, there are a few key industry standards that even a non-expert can easily use to identify which providers meet at least the minimum security needs. SSL (Secure Socket Layer) is the industry standard security protocol that all cloud providers should offer. This protocol involves a complex exchange of private and public keys between the domain and the browser, in what security professionals call the “SSL handshake.” This handshake opens up a secure channel for data transfer, preventing third parties from intercepting, tampering, or eavesdropping.
In order to reach minimum industry standards for security, cloud providers should offer at least 128-bit SSL encryption (ideally 256-bit encryption), along with robust guarantees regarding the physical security of data centers.
If you can follow these guidelines in Choosing a Cloud provider, you can minimize your risk of data loss, theft, or online attacks, and thus serve your customers better while ensuring regulatory compliance.
Contact CloudTweaks for more information on our consulting services and whitepaper listing opportunities.
By Brent Anderson
