There are well-publicized cost advantages for businesses that move data storage to the cloud. But even when a firm outsources these tasks to a cloud storage provider, it is still that company’s responsibility to ensure security and regulatory compliance.
For this reason, it is important to evaluate the security practices of any provider before you make a choice. Paramount to that are three areas: security, customer support and corporate integrity.
First and foremost, providers must adhere to stringent industry security standards to meet client expectations, regulatory requirements and industry best practices. There needs to be a concerted focus on application, data, infrastructure, product development, personnel and process security. Most reputable suppliers will restrict employee access to information-and control what employees can do with the information that they can access.
Furthermore, financial security regulations require more than technology — they require a complete life cycle approach. Providers should offer comprehensive training and continue to audit performance. The best providers understand that security can only be maintained through constant monitoring. They pay close attention to both current trends and potential threats on the horizon. These providers will recognize various types of threats and take swift, decisive steps to limit exposures. Proactive security greatly reduces the risk that confidential information may leak and cause damage to a firm’s reputation.
Top-tier cloud storage vendors will also be able to explain how they use multiple layers of security to protect sensitive data and assets. With so much private client information in the data (such as social security numbers, bank account numbers and employment records), a layered approach to security is critical — but it is something that most web hosting or internally hosted sites do not provide.
Just as their applications are available around-the-clock, sound service providers are as well. Support and assistance to help users deal with software and services should be available 24/7/365, and they should provide zero-hour responses to any security threats or concerns of the client. The best cloud storage companies operate support and incident response teams at all times-something that will be particularly vital given the limited IT resources that companies that store their data on the cloud typically have at their disposal.
When comparing cloud storage providers, it is essential to determine their ability to deliver on their promises by holding discussions with existing customers, accessing the public record and inspecting audit and incident reports.
Another indicator of a secure implementation is an independent audit such as a SAS 70 Type II certification. In the financial sector, most prime brokers, fund administrators and even a few funds are going through this process to reassure investors that they have the proper security procedures in place. Any fund or a fund administrator that is SAS 70 Type II certified should ensure that their service provider of choice has met the same standards.