While we hardly spend a week without hearing of a cyber-attack, it is rare to see serious attention given to the experience of cloud users during such events. One of these rare occurrences came when Jody Linick, the owner of FitBooks Pro, described her experience when her hosting partner of almost a decade became the victim of a ransomware attack. In addition to not being able to access the applications, she didn’t receive a swift response from the support team.
In the same article, she lists some questions to help clients pick a reliable hosting service. Here we try to help you understand the criticality of and answers to these questions so that you can choose the right hosting provider:
1. What are your emergency procedures in case of an intruder attack?
Since attackers may look for vulnerabilities at various points in the system, the service provider should deploy security solutions specific to those points. There must be a selective approach for multiple nodes on the cloud, such as the end-user, network, physical server in data centers, etc.
It’s a series of security layers that can safeguard the data in the cloud. Here are some of the necessary security steps that a cloud service provider should take to secure data and applications:
- Strong password policies (character complexity mandate, 90-day expiry, etc.)
- Multi-factor authentication
- End-to-end encryption
- SSL
- Access control/ Identity management
- Firewall
- Anti-malware and antivirus
- Intrusion Detection System (IDS)/ Intrusion Prevention System (IPS)
- DDoS protection
- Vulnerability Scanning
- Backup
- Physical security of hardware and its access restriction
- Hardware redundancy
- Disaster Recovery and Business Continuity (DR&BC)
2. What is your disaster recovery plan?
A natural or human-made (intentional or accidental) disaster can affect software, storage, and hardware and interrupt the operations of a cloud service provider. To deliver services with minimal downtime, the cloud service provider should have a disaster recovery plan that covers all possible impacts: software, storage, and hardware.
A cloud hosting provider can choose data center partners in different geographical locations to maintain continuity of service even when one of them is damaged by a large-scale disaster at its location. The servers in these separately located data centers can be interconnected, with backups taken regularly to a server at a different site. The process of creating backups should be secure, and it is recommended that the backups themselves be encrypted as well.
Hosting service providers can test their disaster recovery plan with failover testing or business continuity drills. As a customer, you can ask for the reports of such tests/drills and seek a third-party service for such tests.
3. How long does it take to restore services after a crisis?
However flawless the infrastructure may be, there is always a chance of a system crash. Depending on the scale of impact, it may be imperative to restore the services and recover the data almost instantly. For a service provider that has a reliable disaster recovery plan, two factors dictate the restoration of services: RPO and RTO.
Recovery Point Objective (RPO): RPO refers to the latest point up to which data and process logs can be reinstated. Put more simply, RPO can be thought of as the most recent data backup before the disaster struck.
Recovery Time Objective (RTO): RTO is the time taken after the occurrence of the disaster to restore the data and processes from the RPO. One can consider RTO as the duration it takes to restore the services after a crisis.
The actual duration of the disruption in services due to a disaster is the period from RPO through RTO.
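The RPO/RTO relationship above can be checked against a provider's backup history and incident timeline. The following is an added example, not taken from the original article or any provider's tooling; the function name, the sample timestamps and the 6-hour and 8-hour targets are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: backup job history and incident timeline.
BACKUPS = [
    ("2024-03-10T00:00", "ok"),
    ("2024-03-10T06:00", "ok"),
    ("2024-03-10T12:00", "failed"),  # a failed job is not a usable recovery point
    ("2024-03-10T18:00", "ok"),      # after the disaster, so not the recovery point
]
DISASTER = "2024-03-10T14:30"
RESTORED = "2024-03-10T19:00"


def recovery_report(backups, disaster, restored, rpo_target, rto_target):
    """Compare what a recovery actually achieved with the agreed RPO and RTO."""
    t_disaster = datetime.fromisoformat(disaster)
    t_restored = datetime.fromisoformat(restored)
    if t_restored < t_disaster:
        raise ValueError("restore time precedes the disaster")
    # Only successful backups taken before the disaster can be restored from.
    usable = [datetime.fromisoformat(ts) for ts, status in backups
              if status == "ok" and datetime.fromisoformat(ts) <= t_disaster]
    if not usable:
        raise ValueError("no successful backup before the disaster")
    recovery_point = max(usable)
    data_loss = t_disaster - recovery_point   # work done since the last good backup
    restore_time = t_restored - t_disaster    # how long services were down
    return {
        "recovery_point": recovery_point,
        "data_loss": data_loss,
        "restore_time": restore_time,
        # The article's "period from RPO through RTO".
        "disruption": t_restored - recovery_point,
        "rpo_met": data_loss <= rpo_target,
        "rto_met": restore_time <= rto_target,
    }


if __name__ == "__main__":
    report = recovery_report(BACKUPS, DISASTER, RESTORED,
                             rpo_target=timedelta(hours=6),
                             rto_target=timedelta(hours=8))
    for key, value in report.items():
        print(f"{key}: {value}")
```

In the sample data the failed 12:00 job pushes the recovery point back to 06:00, so the 6-hour RPO target is missed even though backups were scheduled every six hours.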
4. How do you communicate with your customers during a crisis? Is there a designated point of contact?
Most cloud service providers are available for customer service over email. However, a disaster may require an approach that goes beyond the norm, because clients would prefer more immediate channels, such as chat or phone. Hosting service providers that offer these communication methods can be counted among the more reliable ones.
Some firms prefer to offer a dedicated account manager to large clients. Having an account manager can be a costly affair, but it ensures that the client has a single point of contact in a crisis.
5. What is your Service Level Agreement (SLA) for uptime?
A Service Level Agreement (SLA) is an agreement between the client and the service provider that defines various levels of quality, availability, and responsibility. Uptime relates to the availability aspect of the hosting service: the higher the uptime, the better. It is essential not only to see how much uptime the provider guarantees, but also to know how it will compensate you if it fails to meet the SLA.
6. What are my options for downloading files on my own?
Some users like to maintain a local copy of the data, to be on the safer side. However, cloud experts have a mixed take on it, as the practice of keeping more copies of data invites more security challenges.
Permissions to download (or migrate) files on the cloud vary considerably among hosting providers. Most providers restrict download permissions to the point that only a representative (support agent) of the provider can download the data for you. Others (including Ace Cloud Hosting) allow authorized users to download the data on their own, even though they have a support team available for assistance.
7. What options and fees are offered for having your team download data monthly, quarterly or yearly to a physical hard disk drive and ship it to me?
This question might not be relevant for a hosting provider that sufficiently answers the questions above it. At the same time, downloading the data to a physical disk drive is expensive, as the cost depends on the billable hours needed to download the data along with the cost of the hard drive and shipping. Security concerns during transportation of the hard disk may require encryption, which may (or may not) add more to the bill. The client will have to bear the security responsibilities once the disk is delivered.
A better option can be third-party cloud storage. It is cost-effective, and if the hosting provider permits the installation of the third-party client, the process can be automated as well, saving you time and effort.
Final Note
Security is always going to be on the list of concerns related to hosting, even if its rank on the list may vary for some users. With the rising dependency on data and the adoption of cloud solutions, keeping up with the security challenges requires the hosting provider to have a thorough plan in place that is ‘prepared for the worst’. If you are looking for expert advice on your hosting requirements, you can reach a solutions consultant anytime.