Whether your data is sitting in your data center on a server or in a service provider’s data center in the cloud, making sure it’s safe is critical to your business surviving. I’m not talking about public information, like your marketing brochures or press releases, but about sensitive and confidential information.
Some people believe that your data is safe if it’s inside your own datacenter. You have firewalls, intrusion detection systems, anti-virus and a host of perimeter defenses. Yet, in the last few months alone, companies have had hundreds of thousands of records stolen from servers sitting in so-called protected environments.
Manwin Holding SARL had 350,000 personal records exposed because they were sitting in an unused forum in plain text. YouPorn had 1.4 million email addresses, passwords and dates of birth sitting in a plain text debug file on a publically accessible website. Last year Sony had millions of records compromised by sloppy security practices on its popular gaming sites.
Having your data in the cloud may or may not be safer than having it in your own data center. The top cloud providers, like Amazon. Google, IBM and Microsoft, have state of the art physical and virtual security in place to make sure your data is safe. But if you use sloppy security practices in your applications or services, like keeping passwords in plain text files, the best cloud provider still can’t help you.
Below is a great graphic showing some statistics how data breaches occur and who is typically behind them. This information comes from 2011 reports by Verizon and Symantec. Since hackers still represent a large majority of the problem, taking basic security precautions is the least you can do to keep your data safe. Encrypting your most important data is still the best way to protect it, whether it is in the cloud or not.
As with your home or business, if you at least lock the front door, you’ll keep a lot of the thieves out.