How do I pick a cloud provider or vendor?

Next Century Technologies protects and manages information technology for clients from many different industries and fields. When we are looking for a new cloud-based service, whether for storage, backup, or an Office365 distributor, we follow our banks’ standards and look for these features in all our cloud providers:

1. SOC2 Certification

Look for a cloud provider that is SOC2 (Service Organization Control 2) certified. SOC2 means a provider’s information systems meet the standard for security, availability, processing integrity, confidentiality or privacy as set by the American Institute of Certified Public Accountants. Why? It means the provider is committed to security. These rigorous standards are added protection for your data. Financial and medical institutions look for providers that adhere to this standard. You should too!

2. Encryption

Is your data encrypted? Encrypted data is scrambled and requires a password key to unscramble. This keeps unauthorized people from accessing your data. Your data should be encrypted both in transit from your computer to the cloud, and while it is stored in the cloud.

3. Backups

Your data is in the cloud, but that does not mean it is backed up! What if you accidentally delete a file? Is it hard to get back? What happens if ransomware hits your computer and the encrypted files are uploaded to your cloud storage, essentially encrypting everything in the cloud as well? What if a disgruntled employee deletes all their files or emails before quitting? Don’t assume your cloud provider is backing up your data – find out! Did you know Office365 has an e-mail retention of only 30 days? That means if you accidentally delete an email or folder, you have 30 days to figure it out and recover it. Retention rates vary by provider, and some providers offer nothing in terms of backup! If backups are not offered, is there a third-party product that can do the backup?

4. 2FA or MFA

Two-factor authentication (2FA) and multi-factor authentication (MFA) are becoming more and more crucial to protecting your cloud data from ransomware. New ransomware attacks designed especially for cloud storage are becoming more common. Two-factor/multi-factor means you will need more than just a password to access your cloud storage account: you will need a secondary method of identity verification, usually by means of a code sent to an e-mail or smart phone. Is 2FA/MFA offered by your cloud provider? Set it up. If it's not offered, find a different provider. Not all SOC2 providers utilize 2FA/MFA!

5. Business Continuity

Catastrophes like hurricanes and floods can take out a data center or, at the very least, cut its access to the internet. Does your cloud provider actively replicate their data center to other sites around the country? Find out. A reputable provider will have this type of information on their website. It’s a great selling point.

6. Free comes with a price!

You get what you pay for. If the service is free, then how is the provider making money off YOU? Chances are good they are not SOC2 certified (which costs a lot of money), nor do they offer backups or 2FA. Do they even bother encrypting your data? Are they selling your contact information to spammers or scammers? Is their data center in an obscure country with questionable security? Or is it in someone’s house? Will they even be in business next week? If they disappear, what happens to your data?

Have questions? We can help!

Next Century Technologies has been helping businesses with IT since 2001! Call us at 859-245-0582.

About the Author

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor’s degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.