Many small and medium-sized businesses (SMBs) already take advantage of the cost savings and ease of backing up via the cloud. But others are still wary. Nearly three-fourths of survey respondents to a July 2011 InformationWeek Analytics study cited “security concerns” as the reason they haven’t used public cloud storage. I believe these concerns are due to a lack of understanding about cloud backup security controls.

There are good reasons to trust cloud-based backup. For one, cloud backup minimizes the human failure factor. Data recovery firm Kroll Ontrack says that at least a quarter of all data loss is due to human error, such as incorrectly partitioning a hard drive or forgetting to change tapes. Cloud-based backup, however, reduces human error as it can be set to take place automatically at night and doesn’t require manual hard drive set up, tape swaps, or physically moving tapes to an offsite location. Cloud backup is also more reliable as it is encrypted then transmitted directly from the business to a secure datacenter to be stored for offsite disaster recovery. Tape, on the other hand, is fragile and not encrypted, so it is easily damaged or tampered with on the way to, from, or at the storage site.

Know the Limitations of the Cloud

Let’s also agree on the limitations of cloud-based storage: you don’t want your business data backed up ONLY by a cloud solution, where your data’s recovery is dependent on Internet connections and bandwidth; it could take days or longer to get your data back. For full protection, you need a hybrid cloud environment that covers both onsite and offsite backup, as discussed previously in The Forecast: Partly Cloudy. And you want to make sure your total backup solution uses a trustworthy provider with the most secure encryption technologies and data centers.

Know When to Trust the Cloud

To ensure your cloud backup is safe, here are three things to look for:

  1. AES encryption technology. Be sure the cloud storage part of your solution uses Advanced Encryption Standard (AES), the highest level of encryption technology available. This is the standard approved by the U.S. National Security Agency (NSA) and the Federal Information Processing Standard (FIPS). Using AES, your data remains securely encrypted both in transmission, at the data center, and when restored.
  2. A SAS 70 Type II datacenter. For your storage solution to be safe, the datacenter where your data is housed has to be safe. Not all datacenters are created equal. SAS 70, or the Statement on Auditing Standards No. 70, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPAs). To get certified as SAS 70, a datacenter must have its control policies and procedures evaluated by an independent party. But what you really want is SAS 70 Type II certification. To gain the Type II distinction, a datacenter must also be thoroughly tested by an independent third party over a 6- to 10-month period. During this testing, features audited include the organization’s administration, the client contract process, security policies, password rules, network security, and emergency response initiatives.
    The most reliable backup and disaster recovery solutions will thoroughly research their datacenter’s certifications and track record to ensure a high level of protection. They’ll ask questions like those offered in another Axcient blog post, Advice for Choosing the Right Datacenter. This brings us to the final point of what you should look for to ensure the safety of your cloud-based backup:
  3. A trustworthy backup, business continuity, and disaster recovery solution. Choosing a trustworthy backup solution is what really makes the difference in whether your data and applications are well-protected and available when you need to recover a file, folder, or full server image. For help in finding a trustworthy solution, you can look to third party awards and articles, such as those from Forbes, Talkin’ Cloud, Business Solutions Magazine, MSPmentor, and The VAR Guy. And for SMBs looking for a managed service provider (MSP) or value-added reseller (VAR), Axcient can provide a list of excellent referrals in your area.

Whether you are a SMB, MSP, or VAR, don’t write off cloud backup because of concerns about security. Instead, choose a solution that uses a SAS 70 Type II datacenter, AES encryption technology, and a hybrid cloud model that also includes onsite backup and fast recovery. Then you can rest assured that your business data will be available any time, no matter what.