There are several security issues to consider when looking for a cloud data storage provider. In the emerging field of cloud data storage, companies employing cloud services often underestimate the importance of proper security. In fact, SkyHigh reports that the average business only spends 3.8 percent of their security budget on digital security.
Luckily, proper certification means that your cloud service provider has done the heavy lifting when it comes to security. Here’s a look at just a few of the best security certifications to ask about when choosing a cloud data provider.
FIPS 140-2
There’s a frightening truth about digital security that separates the legitimately secure provider from the cut-rate server farm. Many cloud data backup providers will keep your data unencrypted while it is locally stored, and secure it only once it moves to the cloud. This means that your data may be completely unprotected, even when you are paying for services.
A reliable and responsible backup solutions provider will encrypt and protect your data before it even leaves its original storage space on your end. Data security is about protecting your data in both transit and storage, which is what the FIPS 140-2 Certificate of Security is intended to enforce. This certification requires that a provider uses AES 256-bit encryption, a military-grade method of protecting data from interception by unwanted parties.
The National Institute of Standards and Technology defines four levels of security for cryptographic modules and physical security measures in the FIPS 140 series of publications, and is the issuer of these certificates.
A provider with a FIPS 140-2 certificate is one that has taken software, hardware, and physical security measures to protect your data from breach.
ISO 27001
The ISO 27001 is a security certification that information security management companies can earn by proving they have instituted risk management procedures to protect customer data and information assets.
It’s easy to find out if your potential cloud data backup provider is ISO 27001-certified, since most cloud storage services that have earned this certification will proudly display their ISO 27001 certification badge — to see an example, visit the Mozy Enterprise page. ISO 27001 certification requires that companies commit to CASCO standards of security in addition to physical security measures to prevent physical tampering with the hardware that houses your data.
ISO 27001 is a major certification that shows a company is dedicated to the highest standards when it comes to protecting the sensitive data of both you and your customers.
HIPAA
Unlike other certifications, HIPAA is a federal security act that is mandatory for those who manage secure health care data such as patient medical and dental files. The HIPAA act created several different rules that must be followed for HIPAA certification.
The HIPAA Privacy Rule, enforced by the Office for Civil Rights, protects anything that individually identifies patients and is the national standard for electronic security of this data. The HIPAA Breach Notification Rule requires certified companies and their subcontractors to provide notification of any breaches. Finally, the Patient Safety Rule protects any information that is identifiable when it concerns patient safety.
HIPAA certification is required of anyone who stores or computes health care data within the U.S.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.