In the past couple years, software has increasingly gone the way of the cloud. Also known as Software as a Service (SaaS), cloud computing is quickly becoming the predominant technology infrastructure. In 2012, cloud software revenue reached a whopping $14.5 billion (Gartner, 2012). That number only continues to grow, as a new 451 Research report predicts an excess of $20 billion in revenue by 2016, and it’s not hard to see why. Software in the cloud offers a lower cost, a month-to-month pay structure, accessibility from an internet browser, and no installation requirements.
However, the number one hesitation of those that switch to the cloud is data security, and it’s a valid concern. Not all cloud-based companies maintain the same level of security, so in order to ensure your data will be safe and protected, make sure your provider partakes in the following security practices before making the switch.
1. Data is transferred via a secure FTP
Make sure your provider uses a security certificate purchased through a vendor to secure their connection. The FTP connection should also use SSL encryption.
2. The data should be housed on segregated machines
To ensure clients are not able to see one another’s data, it is imperative that your cloud provider houses data on segregated machines. Each client’s data should be kept on a separate drive.
3. Electronic protection
Cloud providers should have adequate hardware and software firewalls in place, as well as standard anti-virus software that continually monitors everything on their server.
4. Multifactor user authentication
Electronic access to the servers should use multiple layers of standard authentication for added security, including VPN access, firewall ACL’s, and vendor authentication.
5. Physical security
Make sure access to the software provider’s physical servers are only limited to authorized clientele, and are strictly monitored at all times. Cameras and thumbprint authentication are common physical security measures to ask for.
6. Co-location handling
If your provider users a third party co-location data center, they should have passed the SSIE16 audit process. More information here.
7. Data protection policy
Lastly, make sure the company provides a formal document that details each practice listed above.
PolyVista’s advanced analytical engine is now available as a hosted solution. Users are able to access powerful data analytics in a browser safely and securely. For more information on our cloud services, click the button below.