The benefits of a well-designed and well-maintained cloud-based solution are many (no maintenance or local backups required; disaster preparedness & business continuity; 24/7 anytime, anywhere access), but there is a lot of confusion regarding the differences between vendors’ cloud-based solutions. Although all promise disaster preparedness and business continuity benefits for your office, can all cloud-based solutions reliably and securely do what they promise?
Not All Cloud-based Solutions Are Created EqualRemember, every cloud-based solution resides on an actual network of server(s) located inside actual physical structures. So the real question is, what levels of structural, database and internet security does each cloud-based solution offer?
As a guide for exploring these differences, we recommend looking at three main areas:
ChecklistComparing Clouds
cottsystems.com
Data Center Tier level, physical structure, uptime,
redundancy & security
Data Transmission Via internet
(security & availability)
Data Store Security, redundancy,
performance
We also created a checklist of questions/topics to ask for each of the three main areas. t
cottsystems.com
ChecklistComparing Clouds
Data Center – security of the physical structure that is holding the Cloud
Data Store – security of data in the Cloud
Data Transmission – reliability and security of data sent to and from the Cloud
o Tier Level – is it Tier IV compliant? (This is a benchmark ranking of data centers based on uptime, with Tier I being the lowest, and Tier IV being the highest)
o Purpose-built Facility – does it share space with any other business? Was it built solely for datacenter purposes?
o Above geographic flood plain – is it built above a geographic floodplain?
o Rich Network Access – Is it carrier-neutral? Does it offer multiple carrier POPs?
o Physical Structure – Is it a 911 Facility? Has it been built to Miami Dade County hurricane standards?
Is it a “hardened facility” with cement-embedded walls? Does it have dual roofs? (one under the other)
o Redundant Infrastructure? - Is it 2(N+1)? Meaning, does it have not just one emergency system, but 2 (two) fully independent emergency systems for power, cooling & network plus a 3rd backup for the first two backups?
o Emergency Power - is it capable of generating own power for 14 days without refueling?
o Security – does it have 24/7 on-site security, redundant FOB access, PIN & biometric screenings, full CCTV (closed circuit) surveillance with recorded video?
o Hosted Team – Is there a dedicated team of full-time hosted administrators?
o Firewalls – are there Active Passive firewalls (actual, physical hardware with built-in software that physically protects data from the internet?)
o Active Passive SQL Database Servers
o Monitored Security Logs – with IDS (Intrusion Detection System with auto alerts)
o Multiple Backups of the Data – Does it have 1 Original + not one, but multiple backups of images?
o Multiple Network Feeds – are there multiple network feeds to each server?
o Redundant Network Cards
o Active Passive Smart Load Balancing NIC (network interface card) - for server systems
o Key Performance Metrics – is a team constantly monitoring the entire system for hardware, service failures, low disk space, high CPU utilization service status, etc.
o Dedicated & redundant application servers – is there uncompromised performance even if a server goes down (should have multiple servers and server backups)?
o DMZ - does it have a “demilitarized zone” that protects the internal network from external internet?
o Multiple ISPs – are there multiple ISPs (Internet Service Providers) being piped into the datacenter?
o Financial Grade Encryption – does it use financial grade encryption?
o SSL/TLS encryption – does it have secure sockets layer / transport layer security
o STA encryption – does it use STA encryption
o System/Application Authentication
1
2
3
Top Related