It’s impossible to talk about cloud computing without mentioning security and, with certain cloud providers recently failing to adequately manage their systems, the topic is hotter than ever.
Cloud computing suppliers have a duty to all of their customers to store their data securely, but it’s not always clear what you should be asking when you’re on the phone to a sales team. I recommend that government organisations ask their potential suppliers the following key questions before making the leap into the cloud.
- Access restriction: Does the service or system provide different levels of access for different groups of users and logically separate areas to store related information?
- Data security: How is your information secured when in transit to and from the data centre? All transmissions to and from the application should be protected with 256-bit encryption through SSL or similar. This prevents external parties from snooping through your data when it’s in transit. Physical security is equally important, so check that your supplier’s primary data centre management is up to scratch.
- Availability: Does the supplier publish their uptime figures? Huddle, for example, guarantees 99.9% uptime and we regularly exceed our guarantee (http://uptime.awaremonitoring.com/uptime/huddle/).
- Geographical location: Where is your data stored? Public sector organisations in the UK and Europe should ensure that their data is stored within UK or EU data centres. Many cloud providers store data or run their processes overseas.
- Backup and disaster recovery: Find out whether the service provider replicates your data to a disaster recovery site and how long it takes to switch over. Ideally, data should be replicated in real time between centres and failover should occur within minutes. You should also determine who has access to the data centres and what physical security measures are in place. Is there live video surveillance, an onsite security team and restricted staff access?
- Exit strategy: How easy is it to leave the service? Make sure you can export your data at will.
- Conditions of use: Does the supplier have any best practice examples for conditions of use within government? It can be good practice to ask your staff to sign a document detailing the specific conditions of use of a cloud service within your organisation.
On Monday, the final instalment of our Introduction to cloud computing in government will cover how cloud services are currently being used in government.