Why Keeping Your Servers "Where You Can See Them" Doesn't Keep Them Safe


As originally published in the American City Business Journals.
Do you know any of those people who keep their money under their mattress?
The rationale behind this practice is that your money will be safer under that quilt your grandmother made you than it would be in some bank.
From a pure security standpoint, though, your home is far more vulnerable than a bank.
Unless, of course, your house has motion-sensitive cameras, silent alarm systems, locked vaults that can withstand explosives, guards, and Federal insurance to replace your money in the event of theft or natural disaster.
I think most of us can accept that, objectively speaking, a bank with the above measures in place is technically a better place for our money than our bedroom.
But what’s actually at the core here is something much more subjective: distrust. Some people are just plain afraid that their hard-earned money will end up in the wrong hands unless they keep it within arm’s reach.
This is the same argument we see executives struggling with when it comes to cloud computing.
Why should you trust some outside provider to take better care of your own data than you can? How are you to know what’s actually happening to your servers when they’re out in some datacenter somewhere?
In most cases, your cloud provider — just like your bank — will be able to offer you much more in the way of security than you’d be able to duplicate at your offices. But in order for you to be comfortable with putting your data in their hands, I recommend taking the following steps:

1. Assess your provider’s security

One of the key benefits of a reputable cloud solution is that you’re able to use your provider’s equipment in your provider’s datacenter. Many will have extensive and robust security measures in place, but some won’t. To differentiate, ask for (intelligible, jargon-free) information on:

  • The datacenter’s physical security
  • Environmental controls in place
  • Redundancy measures for internet and power
  • Where your data is backed up (and how often)
  • How you’ll get support when you need it

If you don’t feel confident based on your provider’s answers, choose another. Period.

2. Assess your provider

When you elect to enter a cloud environment, you’re shifting part or all of your information technology burden onto your provider’s shoulders. Because of that, you need to be sure that your provider acknowledges the weight of this decision, and has the procedures in place to take good care of you.
One of the best ways to do this is to speak with some of their clients. Ask them things like:

  • How was the onboarding process? Did they take the time to educate your staff on the change, and train them on the new technology?
  • Does the system work for you, and help you accomplish your daily goals?
  • Do you have a support system you can rely on when you encounter problems?
  • Have you had any significant security incidents or outages? What was their response?

Again, if you aren’t satisfied by the answers you hear, turn your attention elsewhere — there is no shortage of options, but finding the right fit might take some time.
If, on the other hand, your hesitations have abated, I encourage you to explore the option further; I’ve seen businesses whose success has accelerated quite strikingly due to the mobility, reliability, and financial predictability of the cloud.
Maybe yours could, too.

New Call-to-action