A secure cloud offers a higher level of data protection than local storage and backup systems, based on external hard drives and corporate servers, and is much more convenient. But how can we recognize a truly reliable cloud service?
What is the cloud?
The cloud is a virtual space to store data, accessible from anywhere through an internet connection. How does it work in practice? The cloud is generated by a huge number of networked servers – mostly located in large datacenters – whose hard drives host data from millions of users.
The cloud can be mainly of two types: public or private.
We speak more often of public cloud: a public infrastructure managed by a private provider. In this case, you can take advantage of the subscription service and guarantee yourself an online space to save your data.
Besides, you could also choose a private or corporate cloud. In fact, some organizations prefer to keep data inside an on-premise infrastructure, therefore on servers located in their headquarters.
Today, companies that prefer to keep data on servers located on-site can create their own private, public or on-premise cloud without upfront investment and management costs thanks to Babylon Cloud's technology.
Babylon Cloud also lets you automate the synchronization of online archives and cloud backups at your preferred frequency, leaving professionals time to work.
Why the cloud is more secure than local storage systems
A cloud service can be much more secure than local storage and backup systems because it allows you to automatically replicate data in a space protected from cyber threats, and always have it updated and available.
Until a few decades ago, in the pre-digital era, documents were paper, usually available in a single copy, so any accident was enough to destroy information and cause the loss of many hours of work. With the advent of computers, the situation has improved: data has become digital and now it is easy to create backup copies on external memories: first floppy disks, then DVDs, USB sticks and portable hard disks.
However, a hard drive failure can still make your documents unusable. In fact, even with these systems, data retention still depends on the integrity of the device that hosts it, which in turn also relies on that of the building in which it is located. The same goes for the local servers on which an organization can decide to duplicate its data, in this case with significant investments in terms of purchase and maintenance.
In short, you should make sure you have your backup copies on multiple devices stored in different places. But there is another problem: keeping all the copies up-to-date requires time and organization. In addition, even if you perform regular and relatively frequent backups, such as weekly, in the event of an accident it is easy to lose days of work because the saved versions date back to previous days.
Local servers also have another disadvantage: companies and freelancers must actively take care of their cybersecurity to prevent viruses from entering systems and reaching archives. Corporate servers can also be prone to ransomware attacks, which cause files to be encrypted, making them unusable and forcing victims to suspend work while looking for a solution.
A secure cloud offers a higher level of security, without the disadvantages of local storage systems. In fact, the data uploaded to the cloud is replicated by the service provider on different machines and in different data centers, so that even if one of them were to be destroyed, the backup copies hosted in the other locations would remain.
What is a secure cloud
A cloud is secure when it guarantees:
- that the data is never lost and that it is always accessible in its most up-to-date version;
- that the data is only accessible to the owner and does not fall into the wrong hands.
Trusted cloud service providers work on both physical and logical data security through technology and procedures.
Physical security is about keeping data on the hard drives of the machines in datacenters. Only authorized persons should be able to access the server rooms. In addition, it must be ensured that hardware failures do not damage the data or make it temporarily inaccessible.
Logical security, on the other hand, relates to the protection of data on the software side: it includes technical measures to prevent data from being deleted by mistake or being stolen or modified through the network.
Characteristics of a secure cloud
A secure cloud has some fundamental characteristics:
A secure cloud ensures that data is never lost. How? By replicating it on multiple disks, so that destroying it would require a series of simultaneous failures, the probability of which is close to zero.
Redundancy of the components of the architecture
A resilient architecture is needed, with overabundant components: in the event of a failure, each element can thus be replaced by a similar one in real time. Firewalls, computational components and redundant databases guarantee users continuity of service and constant data protection.
Data center security
The best cloud services are based on TIER IV classified datacenters — those with the highest standards of security and reliability, in which 99.99% of failures can be resolved without interrupting the service. Here physical access to the room hosting the data is allowed only to authorized users and after 9 identity verification steps, 4 of which are carried out by staff.
Robust authentication systems
Among the measures to ensure security, there are adequate identification and authentication systems, for example: virtual OTP, authentication independent from identification and two-factor authentication.
To ensure that documents and information are never lost, the best storage platforms ask for confirmation before performing critical activities, based on the user's privileges, to be verified through device PIN or equivalent solutions.
Control and feedback of activities
Data security also means preventing users from accidentally removing data from databases. The best cloud storage platforms proceed to erase files only after user confirmation and show feedback logs for deleted objects.
Encrypted data: obfuscation and encryption
A reliable cloud storage system ensures that data is readable only by those who send it and those who receive it through end-to-end encryption. There are several encryption systems, such as HTTPS, and obfuscation techniques, such as segmenting files into packages and renaming them with unique hashes.
The safest cloud is zero-knowledge — only the owner can access the data. No one else, not even the employees of the company that offers the storage service.
Certain data ownership
A secure cloud provider will provide a contract in which it is clearly written that the data remains the property of the user once uploaded to the online space.
Localization of data in countries with adequate privacy regulations
The European privacy regulation is very stringent, while the same cannot be said of the regulations of other countries. To make sure you comply with the GDPR, it is therefore better to choose a cloud service that stores data in the EU.
Assistance is essential to be sure of promptly resolving any problem, avoiding waste of time or forced program changes.
Babylon Cloud's secure cloud
Babylon Cloud's secure cloud guarantees that data is always available and protected.
We store data only in TIER IV data centers and in Europe, on our highly resilient platform, capable of functioning correctly up to the sixth point of failure, thanks to our innovative technology.
To guarantee the total logical security of the data, we have provided procedures for secure authentication, activity control, encryption and obfuscation:
- User identification and authentication on an internal or external system depending on the client's needs, with authentication independent from identification (connection with the customer's LDAP / Active Directory).
- Robust client authentication with virtual OTP renewed every 15 minutes.
- Authorization of critical activities based on the user's identity, with token, and verification with device PIN.
- Elimination of versions, files, users and groups possible only with double command, with the possibility of recovery, feedback log for deleted objects, and an additional level of security transparent to users.
- Encryption of communications with HTTPS / TLS and SSL protocol.
- Data obfuscation on servers by segmenting files into 2 Mb blocks and renaming with unique 512-bit hashes. A much more robust system than the 256-bit one commonly used in the military.
- Registered patent with 24 claims on biometric data encryption technologies.
- Ongoing assistance and customer support, via email and telephone.
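
The segmentation-and-renaming scheme described under "Encrypted data: obfuscation and encryption" and in the obfuscation bullet above, as an added sketch that is not Babylon Cloud's code: it assumes SHA-512 for the 512-bit names, reads "2 Mb" as 2 MiB, and uses hypothetical function names. It also shows why hash naming alone is obfuscation rather than encryption, by comparing plain content hashes with names keyed by a client-held secret (HMAC-SHA-512, also an assumption).

```python
import hashlib
import hmac

BLOCK_SIZE = 2 * 1024 * 1024  # assumption: the page's "2 Mb" read as 2 MiB


def block_name(block, key=None):
    """512-bit hex name: plain SHA-512, or HMAC-SHA-512 when a key is given."""
    if key is None:
        return hashlib.sha512(block).hexdigest()
    return hmac.new(key, block, hashlib.sha512).hexdigest()


def split_file(data, key=None, block_size=BLOCK_SIZE):
    """Return (manifest, store): ordered block names and a name -> bytes map."""
    manifest, store = [], {}
    for offset in range(0, len(data), block_size):
        block = data[offset:offset + block_size]
        name = block_name(block, key)
        manifest.append(name)
        store[name] = block  # identical blocks collapse into one stored object
    return manifest, store


def reassemble(manifest, store, key=None):
    """Rebuild the file, rejecting missing or modified blocks."""
    out = bytearray()
    for name in manifest:
        block = store.get(name)
        if block is None:
            raise KeyError(f"missing block {name[:16]}...")
        if not hmac.compare_digest(block_name(block, key), name):
            raise ValueError(f"block {name[:16]}... failed integrity check")
        out += block
    return bytes(out)


def names_reveal_known_file(candidate, store, block_size=BLOCK_SIZE):
    """True if someone without the key can match a known file to stored names."""
    names = [block_name(candidate[i:i + block_size])
             for i in range(0, len(candidate), block_size)]
    return bool(names) and all(n in store for n in names)


if __name__ == "__main__":
    sample = b"constructed sample document\n" * 8  # constructed input
    plain = split_file(sample, block_size=64)[1]
    keyed = split_file(sample, key=b"client-only-secret", block_size=64)[1]
    print(names_reveal_known_file(sample, plain, 64), names_reveal_known_file(sample, keyed, 64))
```

In both variants the stored blocks are still plaintext, so confidentiality against the storage operator depends on encrypting each block before upload, not on the naming.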