How to secure your data and choose the right cloud service provider

Are our heads in the clouds when it comes to service provider trust?
Trust is a delicate issue in the tech world these days

Ever since the PRISM scandal first surfaced, people have understandably felt that they can't be sure if their personal data is entirely secure.

The revelation that the NSA intercepted Yahoo and Google data centres brought about this state of affairs, and brought the word 'trust' to the top of the agenda across the tech community. Of course, trust in our governments was seriously damaged.

But this isn't just a question about whether we trust our government to manage our personal data, it also impacts our choice of service provider.

Governments are trying to claw back trust and are now re-addressing the balance, but to what extent can we trust any organisation with our data? And can we trust them to manage it respectfully?

These days, the topic of conversation is less about 'how do we keep our data safe?' and instead more focused on the issue of 'how can we reclaim control of our data?'

The PRISM effect

Cloud service providers are perhaps the most precariously placed because data is stored and transferred virtually. How can a user expect to trust their data and provider, if it's not 'in hand'?

We all shop around and do research before we make a big purchase and deciding between cloud providers should be no different. Cost may have traditionally been the key driving factor, but post-PRISM, our trust in the provider to act responsibly with our data is equally, if not more, important.

Before a customer can trust their service provider, several key questions must be answered. People want to know that their provider will act responsibly with the data entrusted to them, and can deliver on their promise of providing a secure service.

Trust is difficult to earn, and the amount of trust we currently have in our provider may be closer linked to how much control of our data we retain. Therefore the most important factor when we sign up with a provider is whether there is significant choice available in our decision making process.

If a service is only available from one provider you need to carefully consider the ramifications of being locked in with nowhere to go.

Freedom of choice

To safeguard our trust, we need to ensure we retain freedom of choice. If we are to retain this freedom when choosing a cloud service, we need to ensure that the same service is available from several providers, that there are tools available to move from one provider to another, and that the service is available as software – preferably open source – so that if you require it to be run on-premise, you can. Only with this level of control can you truly be in a position to trust.

The fact is that cloud services are fallible, and can certainly go bust or be shut down. Just look at the likes of Nirvanix which went bankrupt a year ago, or Iron Mountain and Vaultscape, both of which stopped their services because of lack of adoption

As a result we need to have the peace of mind that, if our provider were to shut down, we would be able to move our data to a like-for-like service with relative ease.

It's also vitally important that there are tools and processes in place to make this quick and convenient for the customer. The idea of easy migration also becomes hugely important if we began to distrust our service provider's actions.

Taking control of our data

For the service to be available as software is imperative. If we need to move our data, because of provider shut-down or lack of trust, it is the ultimate fail-safe to be able to run your own cloud service on-premise. Doing so gives us the flexibility not to be held ransom with our data.

For the most part, we all live and operate in a free and open market place, and we must use the conditions of this market place to retain control and, in turn, trust in our data. In a political environment where people increasingly believe they can trust no-one, through control we can trust in ourselves.

We all live and operate in a free and open market place, and we must use the conditions of this market place to retain control and, in turn, trust in our data.

The level of control we have of our data is defined by whether we can choose from other service providers, if we can move between them easily and if the service is available as software.

Only then can we secure true control, as well as maintaining not only our security but, more importantly, our safety. The question of 'who can you trust?' has never felt more pertinent. But, by adhering to these basic commandments we can navigate this uncertainty, and gain the control we desperately need to secure the trust we require.

  • Rafael Laguna is CEO and co-founder of Open-Xchange. Under Rafael's guidance, OX developed its product offerings to include SaaS cloud architecture in collaboration with key partners.