Salesforce

Is the data cloud secure?

Graphic showing data cloud and padlock

As technology advances, the popularity of cloud solutions is increasing. Among companies that have not yet used such services on a large scale, questions often arise about the security of cloud data storage. They are as legitimate as possible, since in the case of companies this may involve confidential data covered by professional secrecy or sensitive data, such as the personal details of the company's clients. So, before deciding to move files to the cloud, it's important to learn about how exactly it works and what risks it poses to our data. 

What is a data cloud?

In the simplest terms, a data cloud can be defined as the storage of data on the Internet. Naturally, the Internet itself is not a place to store data, but only a medium by which we can communicate with the server where our data is stored. The server, on the other hand, as a physical device, can be located anywhere on Earth. 

The process of communicating with the cloud requires an Internet connection and access to an account established with the service provider. In this way, we can log into the system from any location or device and access the files previously transferred there.

Where exactly are our files?

The idea of storing data in the cloud may connote information flying through the air (or floating in the sky). But the fact is that all data must be stored somewhere physical. A company offering cloud services has its own infrastructure for this purpose - including data storage devices, whose resources are made available to users depending on their needs, purchased storage space or a specific subscription. The location of the servers on which our data is stored depends on the cloud provider, and as a rule, strategic locations are chosen from an economic point of view. So it may turn out that although the provider is from the United States, the servers with our data are located in Singapore.

What can we store in the cloud?

In most cases, data clouds allow their users to store almost all types of files such as images, documents, archive files or audio and video. Some providers, in addition to just storing data, also offer a powerful graphical interface with tools with which we can read files - video players or text editors, for example. Each provider may have different restrictions related to the maximum file size we can place in the cloud.

Why use the data cloud?

It's no secret that cloud systems have been extremely popular lately. What makes more and more companies decide to use this type of solution?

Access files from multiple devices

We can log into the cloud from both a desktop computer and a tablet or smartphone. This is especially convenient these days, when it has become the norm to have several electronic devices with Internet access. Having our data in the cloud, we don't have to worry about transferring it between these devices. Currently, the cloud is replacing data storage media such as flash drives or external drives that we used to use when we wanted to access our documents outside of our personal computers.

Convenient backup and recovery of files

One of the unpleasant situations that can happen to any of us is the loss or overwriting of files or information that are important to us. This can happen for many reasons, even beyond our control. Nevertheless, it is on our side to protect ourselves, against such a situation and to make backups in advance, the so-called backup. In the case of cloud solutions, in most cases the backup happens automatically. Thus, we can be sure that all the contents of our computer or phone are constantly synchronized with the cloud. In addition, the most popular clouds also offer a history of file changes, so we can go back to a stage from a specific day and time of our work. Recovering a specific version of our document is therefore a matter of a few clicks! 

Reducing costs

Using cloud services relieves us of the direct costs of maintaining the infrastructure, i.e. the cost of electricity and the maintenance of IT professionals, among other things. In addition, we don't have to worry about issues such as the space needed to set up hardware and, previously mentioned, backup. 

The cost of cloud storage is primarily paying for the storage space we are currently using. This means that we don't have to consider buying equipment that we will need in the next few years, because we only meet our current needs. As a result, we spread the cost over the years, and we can use the saved budget from the current year for other investments. 

Is cloud data safe?

The benefits of moving one's data to the cloud is an issue that leaves little room for debate. An important topic that still raises many doubts and discussions is the question of security of such a form of storage of sensitive or confidential information. After all, we are putting the data we own into someone else's hands! The fact that cloud solutions are used by giants of the international market may suggest that the devil is not so terrible. However, before this one argument dispels all doubts, it is worth reviewing the potential risks, as well as the good practices associated with storing data in the cloud.

The biggest risks of having data in the cloud

  • Lack of physical control
    The disadvantage of the cloud is certainly the lack of full control over one's own data and the unknown location of that data, as well as the fact that external parties have access to it.
  • Technical failures
    There can be infrastructure or system load failures at a provider. Even the cloud can potentially fail and we need to be aware of that.
  • Cyber attacks
    This is the use of computer systems and networks using malware to steal or destroy data. Through cyber attacks, crimes such as information theft, fraud and blackmail are committed.
  • Data loss
    The risk of data loss can always arise. A software and hardware failure, the result of a targeted attack, a user error in the cloud or a bug in an application can result in a data leak.
  • API
    Should be properly secured to eliminate possible errors. Incompetently designed, it can expose data to unauthorized access.
  • Insider Threats
    One threat is from company data employees, such as administrators, who can intentionally steal data. One reason is the lack of sufficient security oversight, insufficient management of identities, accesses and credentials. Also an insider threat is misconfiguration of the service, which in turn may be unintentional, and result from ignorance.

What practices are worth following to improve security in the cloud?

  • Choosing the right supplier 

Although the selection of a vendor is not based solely on the issue of data security, it is clear that security standards should be one of the key aspects considered. Before making a decision, therefore, it is worth making sure that the supplier meets the requirements of the ISO/IEC 27000 series of standards and verifying the validity of its certifications.

  • Encryption of sensitive data

In addition to the aforementioned issues, when choosing a provider, it is worth considering the possibility of encrypting data when uploading it to the cloud. Data encryption is an additional security feature, which is especially important when storing sensitive data in the cloud. Data stored in encrypted form is further protected from being read by unauthorized persons. This should be kept in mind regardless of whether data encryption is offered by our provider or whether we will have to take care of it ourselves. 

  • Defining an internal password policy

If multiple employees have access to company-wide cloud data space, it is a good idea to establish an internal password policy. A password policy is a set of rules that define, among other things, the characters a password should consist of, its minimum length and how often it should be changed. Properly defined rules give us control over the level of security established from the perspective of each user of the shared space, and thus help reduce the risk of a hacker cracking the password. 

  • Using dual authentication

Dual authentication involves using two independent forms of authentication when logging in. An example of such a mechanism is the use of a standard password and an SMS code sent to the phone number associated with the account. This protects against unauthorized access to the account in case the password is cracked (because you still need access to another account or device of the attack victim). 

  • Training of employees

Training employees in digital security is crucial to protect against attacks that exploit the ignorance, gullibility or unawareness of system users. An example of such an attack is phishing, which in the case of corporate accounts often involves impersonating the technical department in emails requesting passwords. Training helps sensitize employees to various types of situations that can pose a threat to data security, which are easy to avoid just by reacting appropriately.

Data cloud and RODO

Processing personal data is an integral part of doing business. It is also quite a security challenge. The moment we consider moving the data administered by our company to the cloud, we partially lose control over it. This is because the data is stored on servers to which we do not have physical access and passes through the service provider's systems and infrastructure. 

When choosing a cloud provider, it is important to make sure beforehand that it follows rules that meet the standards of the RODO regulation. It is worth paying attention to what regulations the provider is subject to and whether they comply with European regulations. An example of this is the regulations in force in the United States, which hardly allow violations of RODO(Cloud Act). Providers of the most popular cloud solutions such as Google Cloud or Microsoft Azure are subject to them. While the likelihood of our customer's personal data being shared with the U.S. government is close to zero, it's worth remembering that such regulations exist and that new similar ones may exist in the future. 

When using cloud solutions to process a customer's personal data, we also need to inform the customer of the specific provider and obtain their consent. 

Choosing the right supplier

When choosing the right provider, first of all, it is important to determine the main needs that will guide us when considering different options. It is important what purposes the cloud will be used for and what data will be stored there. Based on this, we can determine certain priority features of the cloud system, such as security standards, performance and reliability. In addition, it is worth noting the possibility of integrating the data cloud with the systems we currently use. Another important aspect is technical support from the provider, which can prove crucial if we encounter a problem during implementation.

What are the most popular and secure data clouds?

The market for cloud services is growing rapidly. This makes these services competitive in terms of quality, price and security. Among the most popular cloud providers, we will primarily find IT giants such as Google, Apple and Microsoft. These companies offer virtual drives where we can store our data and are simple to use. They differ slightly from each other mainly in capacity and additional features.

Dropbox

It offers computer apps for Microsoft Windows, Apple macOS and Linux devices, as well as mobile apps for iOS, Android and Windows Phone smartphones and tablets. Dropbox users can use the Dropbox Paper app, which is a simple text editor. We can store 2 GB of data in the Dropbox service at no extra charge. You have to pay for higher packages, up to 3 TB maximum. 

Google Drive

The Google Drive mobile app is available for both iOS and Android. Google account holders get 15 GB for storage at no extra charge. This is space shared by Gmail, the Photos app and Google Drive itself. If more space is needed, it can be obtained for a fee. Google Drive has the highest maximum capacity among its competitors and that is 30 TB. Space can also be shared among multiple users. Each Google Drive user gets access to the web-apps Google Docs, Google Sheets and Google Presentations.

iCloud

The iCloud service is a cloud drive for storing files primarily for those using the Apple ecosystem, but is also available for Windows users. ICloud does not offer an Android app. For free we get 5 GB of space to use in it. The maximum capacity is a paid 2 TB. The storage space can be shared with other users. In addition, iCloud offers, among other things, assistance in locating a lost device. 

OneDrive

Microsoft's OneDrive is fully integrated with Microsoft Office, which brings a lot of additional functionality. OneDrive is, so to speak, an add-on to this most popular office suite. It offers 5 GB of storage space for free in the basic version. Higher packages come with a fee. The limitation is a data limit of 1 TB per user.

Clouds dedicated to applications

A popular cloud that provides applications is Salesforce. Salesforce is an advanced CRM system that functions entirely in the cloud, offering thousands of business applications. In a nutshell and great simplification, this platform can be evaluated as a cloud-based sales, service and marketing application, which additionally allows easy integration with external systems.

Summary

When considering the use of cloud solutions when running a business, it is worth considering the option of moving only a portion of the company's administered data there. 

As has been mentioned many times, cloud solutions, like other IT systems, are not 100 percent secure and should not be treated differently. So if for some reason we have concerns about putting sensitive data there, it is worth considering a local infrastructure for storing it. However, we must remember that in this case it will still be our responsibility to secure it properly. 

Profile photo of Isabella Wegner

Isabella Wegner

I started my adventure at Britenet over three years ago as a Salesforce Developer. Over time, I started looking for new paths of development and that's how I discovered Salesforce's marketing tools. As a result, today I am fulfilled professionally working both as a developer and as a consultant in the automation of advertising campaigns.