Most of us would probably agree that the cloud has turned out to be a boon for business computing. But have we grown too confident in “the cloud,” and are we now putting too much faith in the cloud systems we are using? Do you assume that your data is secure and that data can never be lost because it is “backed up”? That trust may be ill-placed, and business owners need to press their cloud provider for details.
Let me share a little cloud story that should scare you.
Recently, a client emailed us asking, “Is there a way to do regular backups of our cloud-based ERP data so we can access and use the information if the cloud provider ever had problems?” We responded, “No, not really,” and inquired, “Why do you ask?”
Sadly, the client’s ERP had just stopped working one day and the cloud provider was silent about the outage’s cause. After several days of outage (Can you imagine having your core business system DOWN for DAYS?!), the provider let its customers know that it had been hit by ransomware! The attack took down their cloud platform, and there would be data loss for all of their customers.
Clearly, the cloud provider’s backup and security were not up to par and their customers are paying the price. I suspect the cloud provider was NOT NIST compliant as we recommend all our clients be.
You may be thinking that you don’t use an ERP system so no big deal. Maybe, but there is a high probability that you are using a cloud-based Microsoft product like Office 365. Yes, Office 365 is backed up, but is your “data” secure just because it’s in the cloud? Not by a long shot because the data is only as secure as your passwords. Users are notorious for selecting, sharing, and repurposing company emails and passwords. If you rely only on passwords, your cloud data and systems are NOT very secure at all. If a hacker gets access to a user account, they can potentially gain administrator access and control your systems and data with ransomware, which brings us back to our story about backups.
The moral of the story is to ask your cloud vendor questions about their security and backups before something bad happens. If you mistakenly delete an email or a file in your cloud applications, you can recover it easily enough. Luckily, you can protect your account with multi-factor authentication, and for Office 365 there are, thankfully, several 3rd-party backup providers for redundancy. With backups, you can quickly recover mass amounts of data and be back in business almost immediately.
But if all of your data gets encrypted by ransomware, you are in for a world of pain. There is no easy way to recover ransomware-encrypted data outside of paying the ransom and that’s a
WHAT QUESTIONS SHOULD BUSINESS OWNERS ASK CLOUD PROVIDERS IN ORDER TO CREDIBLY TRUST THEM?
- Ask them for documentation about their security and backup procedures. All cloud providers should have something readily available to give to their customers.
- Ask them point blank, “Can I back up my data on my own as a redundancy if there is ever an outage on the vendor’s end?”
- Have they ever had a security incident that took down their platform or had any data loss? Ask for details about what happened, how they recovered, and what they learned.
- What are their protections from a ransomware outbreak?
The more you know, the better you can prepare. Dig Deeper!