The cloud is one of those things that we all use without realizing it. As soon as you ask your browser to save a password or even a credit card number for you so you can check out of Amazon a little faster next time (not that that’s a real experience or anything), you’re using the cloud.
We tend to assume when it comes to the most important information we have. We trust companies to make sure it’s safe, and we don’t ask more questions.
Why not?
Like a home buyer who wants to know more about the neighborhood and the house’s security system, we have a vested interest in the answers. So what questions do you ask about data security on the cloud—and what answers should you expect?
1. How do you protect my information?
Cloud-based software vendors should be able to give you specifics on what they’re doing to protect information. For example, TransactionDesk, our transaction management and eSignature platform, is very dependent on the cloud.
That’s why we’ve always been very transparent about the types of certification our data centers have.
(They’re Tier IV, SSAE-16 Type II-certified, in case you were curious!)
2. Where are you storing my information?
This is a two-part question.
In terms of geography: cloud-based software vendors should be able to tell you where your information is being stored, for two reasons. One, different states have different rules about how information is stored and handled. Two, most cloud storage providers will have at least two data centers, located 150 miles apart to avoid environmental hazards.
If a vendor you’re talking to only has one data center, that is a red flag. If that center goes down, there’s no backup center sitting on the sidelines, waiting to jump in and pick up the slack.
However, to get this answer, you should have to ask. It shouldn’t be posted on the website, or public knowledge in any way. Data centers need to keep a low profile so they don’t get targeted!
In terms of infrastructure: The vendor should be able to tell you where they keep your information on their own network. This includes how they isolate your information, and what security measures are in place.
For example, Lone Wolf Analytics is built on a network-isolated portion of our private cloud on Amazon Web Services, and uses its built-in security features along with our own additional features to stay safe.
3. How do you protect my information in transit?
There’s no real use in protect information in a location if it’s not going to be secure in transit, too. That’d be like a high-security bank transferring money between locations in an ordinary minivan instead of an armored truck.
Any websites you use to store and transfer your information should be protected by a secure connection, and that’s easy for you to check on your own just by looking at the URL. If it says “https://” that means the website uses secure socket layers (SSL). If it only says “http://” you’re not on a secure connection.
This is a big feature for TransactionDesk, which uses SSL both to protect data while you’re working on your documents, and to send documents to and from your clients.
4. What’s your internal structure for managing information?
Recently, I was reading an article from last week’s Inman Connect event where a panelist explained in as many words that you wouldn’t necessarily give over your important personal information to a “startup run by two people and a dog.”
It’s an extreme example, sure—but it’s a good point. Your cloud-based software vendor should be able to give you an idea of the people power they use to keep the system running. After all, the machines aren’t going to protect your information all by themselves!
Bottom line: when it comes to the security of your information and your clients’ information, it’s important to ask the right questions. These ones will help you stay safe out there, no matter what you’re using the cloud for!