CloudSecurity_Body.jpgby Jennifer Shaheen.

If you’re a small business owner who’s looking for assurances that it’s possible to keep your business information or client data absolutely confidential, no matter what, Patrick Weir has some news that you’re not going to want to hear.

“There is nothing that’s 100-percent secure, whether you’re on the cloud or completely offline,” says Weir, the CEO of EZTrackIt, a cloud based package management system. “Nuclear power plants and high-powered government installations have tried to secure their operations by cutting off all access to the web, and even they discovered that they were still vulnerable.” So once you acknowledge that no type of data storage is perfectly secure, Weir says the issue then becomes how much should you trust the web, or store your data locally?

Where’s the safest place to keep your data?

Even local, on-site storage is no guarantee of data security. “Recently, the onslaught of natural disasters, the latest being Hurricane Sandy on the East Coast, has taught some of us a very harsh lesson,” says Natalie Sulimani, founding partner of Sulimani and Nahoum, PC, a New York City-based law firm. “Redundancy is important. Maintaining files in multiple locations is a must.

How many files were lost due to flooding or a server going underwater? If it was even one, then it was too many.“

One of the primary advantages of the cloud for small business owners is that your data is stored remotely, hundreds or even thousands of miles from your place of business. This puts it safely beyond the reach of any localized natural disasters.

Weather is only one of the factors that could compromise your data security. Data theft can be an internal threat, if unscrupulous employees steal customer information for nefarious purposes, or your data can be among that targeted if a cloud-based system like Gmail, DropBox, or Salesforce is hacked. Ironically, it’s easier to defend against the latter problem.


“Cloud computing puts your files in the hands of competent IT professionals who will secure your information and provide the necessary redundancy so that if a server goes down, your files will live on and be available when you need them from another server,” Sulimani explains. “Their major, if not sole, purpose—and the reason you pay them—is to safeguard your files and ensure that you will always have access to them when necessary, so they are highly motivated to do it well and properly.”

If someone tries to hack into a major cloud-based system, to try to steal confidential information, for example, their security teams are continually watching. “They’re going to be all over that like a swarm of angry bees,” Weir notes. By contrast, backing up your data locally with a small company that manages many things means there’s a chance any vulnerability of theirs may be missed for quite some time.

What happens if something goes wrong?

“Part of the reason we’re so comfortable with cloud at the moment is there hasn’t yet been a breach,” says Lori Mac Vittie, senior product manager of emerging technologies for f5, an Internet security firm. Mac Vittie is a subject matter expert on cloud computing, cloud and application security, and application delivery. “But it’s not a question of ‘if,’ but rather ‘when’ there will a breach.” Rather than going forward in the expectation that a security breach would never occur, it’s smarter for small businesses to develop practices that would minimize the damage if there was a problem.

Reduce risk by being selective about what information you entrust to cloud storage. “The type of data you give a cloud-based company is entirely up to you,” Weir says. “If there’s no compelling reason to put extremely sensitive data like social security numbers or client birthdates into the cloud, don’t put it there.”

“The answer to ‘Should we store data in the cloud?’ depends on the answer to ‘What are the consequences of this data getting into the hands of competitors or thieves?’ combined with ‘Is that an acceptable risk?’” Mac Vittie adds.

SBC newsletter logo.gif

The questions you need to ask about the cloud

Before you commit to placing your data with any cloud-based service, Sulimani recommends doing your due diligence. “Investigate the online storage site’s security measures, policies, recoverability methods and other procedures,” she says, “and ensure that the online storage provider has available technology to guard against breaches.” Doing this will let you know what steps the service provider does to protect your data, as well as what steps they’ll take to get your data back should it be lost for any reason.

It’s also important to understand your legal relationship with the service provider. Do they have a legal obligation to keep your data confidential? Will they notify you of any subpoenas regarding your information? If you decide to stop working with that service provider, what happens to your data? To find the answers to these questions, you can read the terms of service, ask the provider directly, and consult your business attorney.