Posted on: 27 April 2015

Fundamentally it is the quality and integrity of your cloud service provider (CSP) that will determine how at risk your data and your business are when you start using the cloud. As Alex Hilton at the Cloud Industry Forum (CIF) says, “at the end of the day, good security starts with choosing the right provider.” But how do you know you’re choosing a good one? Because although the industry has cleared up its act over the last few years, there is still plenty of room for improvement.

The CIF Code of Practice

A good place to start is the CIF’s Code of Practice, which all its CSP members have been certified against. The aim is to demystify the process of selecting a CSP and to give businesses assurances that their data will be properly protected and handled. As Alex Hilton from the CIF explains, “CSPs that have certified against the Code have demonstrated that they meet specific requirements of transparency, capability and accountability set out by CIF.”

Know your CSP

Next it’s about matching the needs of your business with the services of a CSP.

“Small businesses should carry out a basic risk assessment on the sensitivity of their data, any regulatory considerations and the requirements for access to the data,” says Alex Hilton. “Once they understand the risk and their operational needs, they should compare the security model, associated cost and efficiency of an on-premise solution to that of potential cloud providers.”

The suitability of a CSP is also affected by their fit with your organisation. “Ideally you are looking for a cloud provider who understands and can deliver to the needs of your business,” says Dr Edgar Whitley at LSE. “For example, how well does the cloud provider’s strategic ambition for service quality align with your desires for service quality?”

“There is no one-size-fits-all cloud,” Alex Hilton continues, “and certain cloud deployment models will offer greater safeguards when it comes to security. Moreover, there’s an element of getting what you pay for when it comes to the cloud. Customers would be well-advised to look closely at their service level agreements to find out what’s included, and, importantly, what’s not before signing up for any cloud service.”

Questions to ask yourself before settling in the cloud

If you’re satisfied that the benefits of cloud computing outweigh the risks for your small business, and you are comfortable with your ability to manage any risks that you’ve identified, now is the time to ask yourself the following five questions:

  1. Will cloud technology enable me to achieve my objectives more quickly and more cost effectively?Or are they just a gimmick? As with any business purchase, don’t just buy it because everyone is. Identify the tangible benefits – cost, time and opportunity.
  2. How much storage do I need, now and in the future? Whichever cloud service provider you choose will need to have the capacity for you to grow as your projections foresee.
  3. Where do we want to access our data from? The types of devices and their locations will determine what kinds of applications are going to work hardest for your business.
  4. What kind of support do we need? If you’re a shift business then 24 hour access to a person who knows how to help in the event of a problem is going to be vital. And whether you want them to be available on the phone, via email or through livechat will be an important factor.
  5. Have we considered using a cloud broker? Cloud brokers help you find the right services from the right providers at the right price, however they are really only applicable if your business is larger and more complicated.

How to stay secure once you’ve decided to use the cloud

Eight tips for keeping your data safe and secure

  • Read the small print of your chosen cloud services provider very carefully and challenge anything that doesn’t seem right.
  • Get the right service contract in place.
  • Think carefully about what stays in house and what gets sent up to the cloud as not everything needs to involve the cloud.
  • Vary access levels so that only a few people have the highest level of access. Up the level of security those people have to go through to access information.
  • Vary what people can access depending on what device they’re using – for example, their phone has more limited access compared to their desktop.
  • Isolate company data from personal data if staff can use personal devices for work.
  • Put extra security measures on databases containing more sensitive or valuable data.
  • Use analytics to spot signs that data has been breached.

How to stay secure once you’ve decided to use the cloud

Eleven tips for keeping your data safe and secure

  • Read the small print of your chosen cloud services provider very carefully and challenge anything that doesn’t seem right.
  • Get the right service contract in place.
  • Think carefully about what stays in house and what gets sent up to the cloud as not everything needs to involve the cloud.
  • Vary access levels so that only a few people have the highest level of access. Up the level of security those people have to go through to access information.
  • Vary what people can access depending on what device they’re using – for example, their phone has more limited access compared to their desktop.
  • Isolate company data from personal data if staff can use personal devices for work.
  • Put extra security measures on databases containing more sensitive or valuable data. Discuss the options with your CSP.
  • Use analytics to spot signs that data has been breached.
  • Ensure that your business continuity plan includes details for your CSP.
  • Have adequate security software and tools to protect your data.
  • Physical access to the premises should only be by authorised personnel, check this is the case.

Find out more about cloud computing

  1. What is cloud computing
  2. The advantages of cloud computing
  3. How to be safe in the cloud (You are here)
  4. The risks of cloud computing

Compare quotes online:

Get quotes now

Or for expert advice call:

  

Request a call back

What is cloud computing?

Business Guidance

What is cloud computing?

27 April 2015
What is cloud computing

Business Guidance

The advantages of cloud computing

27 April 2015
The risks of cloud computing

Business Guidance

The risks of cloud computing

27 April 2015

Subscribe to the knowledge centre

Please note that fields marked with asterisk (*) are mandatory.


The information and tools contained in this guide are of a general informational nature and should not be relied upon as being suitable for any specific set of circumstances. We have used reasonable endeavours to ensure the accuracy and completeness of the contents but the information and tools do not constitute professional advice and must not be relied upon as such. To the extent permitted by law, we do not accept responsibility for any loss which may arise from reliance on the information or tools in our Knowledge Centre.