Cloud or No Cloud: Practices for Protecting Data Pretty Much the Same

August 12, 2013

By Christopher Mohr - Contributing Writer

For most enterprises, information is the most valuable asset, even more so than many expensive tangible assets. Protecting information has become a high priority, since losing the information -- or access to it -- leads to costly downtime.

Cloud computing has become more popular and many companies have determined it is a more cost effective way to manage their data centers. Others have determined that maintaining their own data centers outweighs the benefits of using the cloud.

No matter where a company keeps its data, good data management practices are pretty much the same.

Requirements for the Ideal Center

Security has to be tight. Access to data centers should be limited to the few people who need it to perform their jobs. Every square foot should be monitored by cameras. If someone accesses a server or console, what they did and when they did it must be traceable.

Backups should be performed on a regular basis so that after a disaster, recovery can be quick and business continuity is not disrupted.

Redundancy is another important consideration and it applies to lots of things from a disk drive to the whole facility. The idea is that if a drive or facility is damaged or destroyed, a clone of that drive or facility will be at the ready, making a quick recovery possible and minimizing downtime.

Protection against fire and maintaining proper temperature and humidity and other environmental conditions are also critical.

Deviation from the Requirements

Deviating from these requirements usually happens because of matters of cost versus risk. The IT manager may want Ft. Knox level security, but the CFO says that an electronic keypad lock on the door is what the budget will allow.

As long as the keypad lock keeps people who should not be in the data center out, it’s probably a workable solution.

The same goes for backups and other procedures. If the cost of keeping up to the minute backups is greater than the risk of losing the information, then the backup procedure is probably wasting money and a simpler solution is more appropriate.  

These deviations are okay for companies managing their own data centers and that are willing to take the risks.

Cloud service providers on the other hand, should have very tight security and procedures, since they manage other companies’ data and having tight security and procedures lets them accommodate many different levels of customer requirements.

Regardless of where enterprises keep their data, the practices for protecting data from disasters, corruption and theft are pretty much the same. IT management still has to make sure that the proper procedures are followed to protect enterprise data. The only difference is that it may be a service provider following these procedures instead of IT employees.

Edited by Rich Steeves