Zetta Blog

cloud backup security factors to consider

Is Your Cloud Backup Secure? Important Factors to Consider

by Maggie Getova

More businesses are starting to trust the cloud as a viable backup choice for their critical data. What is driving that shift? Perceptions around cloud backup security are gradually starting to change. But unfortunately, not all cloud backup providers utilize the same degree of data security and integrity.

There are three major criteria you need to consider when you’re evaluating the security standards of a cloud backup vendor for your business: compliance, authorization procedures, and data availability.

Is your cloud backup provider industry-compliant?

If your business is part of a regulated industry, you know that meeting compliance requirements for your data is a top security priority. If you manage the data of a healthcare organization, for example, meeting standards set forth by the Healthcare Insurance Portability and Accountability Act (HIPAA) is a must. These practices include signing a business associate agreement, ongoing auditing, data encryption practices and more. In order to maintain compliance you have to be aware of HIPAA standards and ask your cloud backup provider for documentation on how they are able to meet them.

If you are seeking to find a secure cloud backup solution as a financial service company, you also need to abide by legal standards defined by the Sarbanes-Oxley Act of 2002 (SOX). Part of those standards include comprehensive data encryption and specialized data retention policies depending on business needs. It’s essential that you ask your cloud backup provider to prove they’ve earned the appropriate industry certifications to ensure that you’re maintaining compliance and keeping sensitive customer data safe.

Beyond industry compliance certifications, proper authorization and data integrity practices are also critical features to look for in a secure cloud backup solution.

What authentication and authorization procedures does your cloud backup provider have in place?

The ability to access, back up, and recover data from anywhere is one of the great benefits of having a  solution in the cloud. However, if a cloud solution is not architected properly, it can also expose your organization’s data to potential security breaches.

You should ensure that your cloud backup provider has proper authentication and authorization procedures in place is so that your data is secure and protected from being breached by unauthorized individuals. Part of those processes can include limiting access to the production systems (including applications, networks, databases, and servers) and customer data to only properly authorized employees. Physical access to the data center where the provider keeps the data must also be strictly regulated, as well as access to firewalls and network devices. Background checks and ongoing log and security reviews for the employees who have access to your data are also an important layer of security to look for.  

How does your cloud backup provider ensure the availability and completeness of your data?

The point of backing up data is that you can recover it if you ever need it – that’s why it’s critical that you seek out a cloud backup and restore solution that can ensure that your data is available for recovery in a complete, error-free state at all times.Industry standard SSL encryption practices and real-time data validation are also features which help ensure that data is complete and correct before being recovered from the cloud. Continuous and distributed monitoring of system availability and maintaining SLA compliance also help ensure data is available for recovery at any time.

While it’s good to be aware of your cloud backup provider’s security procedures, it’s also important to remember that data security starts with an organization’s internal practices first. Managing user roles, security training for staff and other procedures are at the heart of keeping data secure. Having a secure cloud backup provider is just an added layer of insurance, necessary to prevent serious data loss incidents -- and headaches.


Maggie Getova
Maggie G

Maggie is a content writer and editor at Zetta. She writes for the blog and manages web content.