Does your cloud application provider give you transparency?
We live in a more connected world full of apps, and many applications are now made exclusively for the cloud, with no desktop versions or installers. That is the way to go as we move towards the IoT (Internet of Things), where billions of devices will be connected to the internet through sensors, sending and receiving data in an ultra-connected environment.
The majority of these apps are either free to use or priced so that you get certain features free of cost, with a premium offering on top.
Let's pause and think: have we ever considered where our data stays and in which country, how data privacy, data security and transmission are controlled within the app, and what infrastructure is employed when data travels from a mobile device or a browser over the internet?
A very common claim is “your data is encrypted over SSL”. We all know by now what SSL is, but there is much more to a cloud service. Here are some of the key pointers:
- Does your provider tell you where the data is stored, and in which data centers?
- Does your provider offer insight into how disaster recovery is managed at their end, what happens if one node goes down, or the overall design of the application?
- Does your provider give details of how many channels data travels through (i.e. mobile web services, web sites, internal communication with the database servers), and how all that communication is managed: is it encrypted or not?
- Is the data encrypted at all levels, i.e. at rest (when it is on a hard drive and not being accessed), on access (when a user accesses it through a mobile app or web application), in the database (no matter which database you use, MS-SQL, MySQL or Oracle, is the data encrypted in the database, so that if anyone tries to restore a backup file on another server, it will not work without authorization or the proper keys in place), and while transmitting (when data travels over the internet through web servers, mobile apps, push notifications, etc.)?
- What process is followed to stay safe, in terms of ongoing improvements to the infrastructure and the ability to respond to new threats, in terms of time and capability?
- Do they follow standards to harden the application and to maintain secure programming practices?
The list can be never-ending; being a Cloud Service Provider comes with more responsibility and self-accountability than ever before. What is important is that your cloud application provider offers transparency and uses concrete evidence to back its claims, not pure MARKETING TERMS.
We at HR Chronicle strive to follow the best standards, so you can be sure your data is in safe hands.