Cybersecurity

To cloud, or not to cloud.  That is the question.

By Veriato Team

If you are thinking about storing sensitive information in the cloud, you need to be as sure of the security of that data as you would be storing it on your own infrastructure. In effect, you are outsourcing data storage. And there are good, valid reasons to do so. Most of them stem from a lower costs (or the perception of lower costs) and management overhead.

Here is a list of questions you need to have answers to before committing to a cloud based service.

Physical Security

  • What access controls are in place at the data center?
  • Is the data center SAS70 certified?
  • What are the processes and procedures around physical access to the servers where your data is stored?
  • Who is allowed access?
  • How are they vetted from a security perspective?
  • What background checks were performed?
  • How is the staff that has access monitored?

If the provider you are thinking about trusting with your data is serious about security, they will be able to produce a document that speaks to this without hesitation.

Architecture

  • What happens if another customer in the shared environment overuses their capacity?
  • What are the impacts to you?
  • What guarantees are you offered that your performance will not be impacted?
  • What logical security exists to ensure that no one else besides you (and the people at your outsourced provider) can access your data?
  • What encryption is used when the data is in motion?
  • What encryption is used when the data is stored in their data center?
  • What auditing exists to you can look and see how your data is being accessed, and in the worst case, how a breach occurred?
  • What disaster recovery options are offered?
  • What is their Recovery Time Objective (RTO) to restore your data in event of a hardware failure?
  • What is their Recovery Point Objective (RPO) that measures their tolerance for data loss, and is it an acceptable level for your company?
  • Who has access to the backups?

A quality provider will be able to provide detailed documentation that addresses these questions without hesitation.

Veriato supports private cloud deployments, and encourages our customers to be certain they have addressed the above should they consider deploying our technology into a shared cloud infrastructure. While many of our customers elect to deploy using a private cloud, routine surveying of our customers – particularly those in financial services, healthcare, pharmaceuticals, and manufacturing (area where compliance mandates require greater control and where the value of corporate data is fully understood) tell us that an on premise deployment remains their preferred approach.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

March 2023 marks approximately three years since the world shut down at the beginning of the Covid-19 pandemic. Since then, organizations have seen their workforce change considerably. What was originally a short term plan to work from home has become ingrained in our...

Focusing On Productivity Helps Reduce Insider Risk

Focusing On Productivity Helps Reduce Insider Risk

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate,  58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often,...

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year's RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also...