How to select a cloud storage provider

Many Australian organisations regard cloud storage with a tentative curiosity. Cloud storage can potentially transform how organisations store their data, and how workers collaborate, but consistent reports of cloud security breaches cause many organisations to baulk at employing such technologies.

So there’s a lot riding on your choice of cloud provider - pick the wrong one and you could end up a headline in the next data breach news story. However, picking between these providers can be confusing. We’ve recently discussed data sovereignty issues at Voice+Data, but there’s much more to the decision than data centre location.

Mark Randall, Country Manager for Australia and New Zealand at cloud storage provider Rackspace, says there are three main criteria for selecting a cloud storage provider.

1. Physical security

“Where is the data kept? How secure is the location? If you’ve got a server in the corner of your office, [it’s] probably not that secure,” Randall says.

“One thing to be careful of with cloud providers is that a lot of them also offer co-location. So if you’ve got a hosting provider that’s offering managed hosting, or cloud services, and out of the same data centre they’re allowing customers to host their own gear, that means they’ve got the customers walking in and out of the data centre all the time.

“Because if you’ve got co-location, then by default you have to offer your customers access in order to get to their gear.”

That’s not to say that every provider that offers co-location has a lazy attitude towards physical security and allows any Tom, Dick or Harry to waltz into the data centre. It just means that you have to be cognisant of that possibility and find out exactly what a prospective provider’s physical security measures are.

2. Technology

You must find out if a cloud storage provider is using the appropriate fundamental infrastructure, and industry-leading technologies, Randall says. This includes asking questions like:

• Do they have firewalls, intrusion detection services and the like?
• Are they reviewing their log files on a regular basis?
• Have they got monitoring systems set up?
• Do they have people monitoring those alerts 24/7?

3. Accreditation

This third point is really about making sure there’s some evidence behind a provider’s claims regarding security. Customer testimonials are great, but in and of themselves, they are not proof that a cloud provider is legit.

So, you should ask: “What security standards, that are out there in the industry, [does a provider] actually adhere to? Do they actually have copies of audit reports, that customers can see, showing that they’ve met those security standards, and met the control objectives that are contained in them?” Randall says.

If you do your research and find a service provider that fulfils these three criteria, “chances are you’re getting ASX-level security and support”, he says