The cloud has become a staple in both consumer and business technology. It’s funny how some people don’t know what the cloud is while actually using it in their daily lives. After all, if you’re using social media sites like Facebook® and Twitter or sending email through Gmail™ or Yahoo Mail, you’re automatically using the cloud. Where do you think all that information is stored? Certainly not on your computer.
Same goes for businesses. A lot of the most popular business apps, like Google’s Google Workspace or Microsoft® Microsoft 365™, are cloud-based. Our very own RingCentral takes pride in being the industry leader in providing cloud business communications solutions.
What is the cloud?
For context, the term “cloud” refers to the remote network or data center used to store files or host services, which are then delivered to different devices through the internet. RingCentral, for example, has multiple data centers across the US where the service is hosted.
Companies that are subscribed to RingCentral are able to access and use their cloud-based phone system through internet-connected devices, like IP phones, smartphones, tablets, and desktop and laptop computers.
Cloud computing security issues and challenges
While we’re now used to the technology, it doesn’t change the fact that companies are essentially entrusting sensitive information to third-party providers. In addition, the information also travels through the public internet where it’s at risk of being intercepted.
In an article back in January, CSO from IDG enumerated the top 12 cloud security threats for 2018. It includes security risks such as data breaches and data loss as well as inadequate identity, credential, and access management.
How secure is the cloud?
While there are security risks, the cloud is actually much more secure than you think. A lot of the security issues are associated with cloud services that are what you can call less than reputable.
But if you’re dealing with the top providers in the cloud game like Microsoft, Google, and RingCentral, then you’re more or less safe (though in the field of IT security, no system is 100% secure).
As the top names in the industry, it’s their business to make their cloud system as secure as possible. After all, their reputation is at stake here.
What security information do you need your cloud solutions provider to provide?
Reputable or not, cloud security should always be a priority especially when you’re entrusting sensitive data and business processes to a third-party cloud provider.
Even if the cloud provider has a good reputation for security, it still pays to know how exactly they are keeping your data safe.
That is why you should be diligent in finding out as much as you can about the types of security measures and policies the cloud services you’re considering are implementing to make sure their systems are secure.
Ask your cloud solutions providers about:
- Multi-factor authentication—Your provider of choice should, at the very least, employ this. It’s a method of confirming user identity through two or more authenticating factors, which could include something they know, something they have, and/or something they are. Some providers also implement this in combination with a Single Sign-on feature to avoid user login fatigue.
- Redundancy—Most cloud service providers store at least three copies of the same data on different servers. These can even be stored in different data centers. This should make the possibility of data loss very, very low.
- Multiple data centers—This is related to redundancy. Top cloud providers not only have multiple servers, they also employ multiple data centers across the globe. If one data center is compromised, other data centers can and take over.
- Data encryption—There are numerous regulations (state, federal, industry) focused on the protection of data while they’re in storage and in transmission. While it’s not directly stated that encryption is a requirement for compliance, it’s still the best way to meet those standards. Make sure that your cloud provider employs high-level encryption on all transmission endpoints.
- Physically secure data centers—The data centers of the top cloud providers are not only secure against cyberattacks, they are also very physically secure. It’s so secure that its security can rival some government and financial institutions.
- Account administration and user management—Understand the extent of account administration and user access control provided by the provider. The company and its administrators should have the power to grant, revoke, or demote access per user.
Aside from these, you should also ask the cloud provider about standards they’ve met and certificates they’ve acquired to give credence to their cloud security strategy and policies. RingCentral, for their part, has the following:
- Encryption of data-at-rest meets the compliance requirements and standards of the following:
- US Health Insurance Portability and Accountability Act (HIPAA)
- EU General Data Protection Regulation (GDPR)
- Payment Card Industry Data Security Standard (PCI DSS)
- Secure Statement on Standards for Attestation Engagements (SSAE) 16, Service Organization Controls (SOC) 2, and SOC 3 compliant data center with monthly audits
You also have to check if the cloud solutions provider has fraud prevention measures against risks like credentials theft or toll fraud. The system should have built-in service layer fraud protection and monitoring for possible anomalies. It would also help if the provider is continuously promoting best practices against fraud to their subscribers.
Finally, since you’re already being this diligent, verify if the information you were able to get is actually practiced by the provider. Talk to some of their existing customers to see if what they provide is just lip service or if they’re able to actually back up their talk.
Originally published Jul 11, 2018, updated Oct 19, 2020