Cloud computing is just another way to describe a computer located elsewhere, often overseas, where products or services can be offered from one central online location. Instead of buying software to install on your own computer, cloud ‘software as a service’ providers (SaaS) can deliver a cheaper, centrally managed system that is regularly updated without the hassle of having to upgrade.
The most obvious example in New Zealand is Xero, the accounting tool that’s available to use online or via an app. If you use one of the big webmail providers like Gmail or Outlook.com that’s also cloud computing in action – your data is stored on a server and can be accessed by any connected device.
For recovery purposes, cloud backup services offer anyone the option of creating a copy of their important files and placing these with a third party that is also offsite – not in the same building or in the same continent. Popular examples for home users include Google’s Drive storage offering and Microsoft’s OneDrive.
A cloud service helps you address several key risks and also adds value, helping you improve your productivity through:
- Data Loss Protection: Backing up to the cloud makes it easier to recover data affected by crashes, the loss of devices, hard disk corruption and even natural disasters.
- File Sharing: Storing files and information in one central ‘pot’ – and being able to work on projects collaboratively – makes it easier to share stuff with colleagues, friends and family
- Anytime, Anywhere Access: Keeping your music, email or business and accounting records ‘in the cloud’ makes it easier to access, use or refer to information anytime and on multiple devices.
How do I choose a good cloud provider?
There are lots of different options when it comes to cloud backup services. The best thing to do is research a range of products and see what matches your needs based on the amount of data you need to store, the price and the security offered.
Some businesses may also want to consider ‘data sovereignty’ issues, i.e. where are the cloud computers physically located and what laws apply? Most countries have their own laws around data security and privacy and some NZ companies may want to ensure their ‘property’ stays on cloud servers within national borders for peace of mind and/or regulatory compliance.
Other questions to ask could include:
- How is my data secured?
- What standards does your service meet?
- What kind of features do you offer and how do free and paid-for products compare?
- Can staff at the cloud company access the data stored?
- How is access controlled and monitored?
- Is the data or metadata information used for any commercial purpose?
- What can of support can I get over the phone or by email?
- What service level can I expect and do you guarantee a speedy response?
- Who is ultimately responsible for the data is a problem occurs?
There is more guidance available on the Office of the Privacy Commissioner website:
- Using the Cloud
- Cloud computing checklist for small business
- The New Zealand CloudCode may also help you understand business risks and what questions to ask any provider.
Security and the cloud
When looking for a cloud provider it makes sense to understand what kind of service you’re really looking for – do you want to find an easy way to share a few files with friends and colleagues – Dropbox is the most popular player in this space – or do you want to securely store copies of sensitive business information away from prying eyes?
If you’re looking for the latter option, then encrypting your data – ‘scrambling’ it with a key that prevents casual use or access – is essential and here’s where more decisions come into play.
There are three common cloud encryption types:
- Shared-key encryption: This is the most common form of cloud encryption where the service provider knows the encryption key as part of the encrypt/decrypt process of saving your data onto their service. In theory, the provider could access your files without you ever knowing or make them available to others accidentally or following a legal request if the key to unlock the data is shared.
- ‘Zero knowledge’ encryption: This form of cloud storage was made famous by NSA whistleblower Edward Snowden who encouraged users to choose a system where cloud providers store data without having access to it themselves. This is usually accomplished by using encryption software provided to you but where only you know the encryption key.Some people believe the software provided by cloud companies might still have a government approved ‘encryption backdoor’ but a zero knowledge system should be more secure. The downside is if you forget your key then the service provider cannot help you recover your scrambled files.
- Manual encryption: If protecting your data is of the utmost importance, then taking sole responsibility for encrypting your files with a method or system you choose before you store them up in the cloud is the solution. There’s no shared-key to worry about or concerns about unknown backdoors. The downside is encrypting/decrypting your data may add time to the process.
If you choose to go for the manual encryption option, the next step is to find an encryption tool that suits your risk profile, operating system and preference for a proprietary over open source solution. Popular options include Microsoft’s BitLocker, Apple’s FileVault, Symantec’s Drive Encryption and BestCrypt.
When it comes to choosing a cloud storage solution, take time to identify your requirements and make sure you understand what the service is providing for the money. Assess the risks you’re prepared to accept and weigh up the balance of security vs usability.