In light of recent international data leaks, users have started paying a lot more attention to information security. As a result, partners and potential clients have been asking me more and more, “How do you protect your clients’ data?”
Most people find my answer quite surprising: we don’t. This isn’t just surprising to clients and regulatory representatives, it’s down right shocking. We don’t back up our clients’ information. We also don’t take any special measures to ensure uninterrupted access (except as described in our SLA). How is that possible, you ask? The answer is simple: what we offer clients is an infrastructure–a set of tools for building information systems.
What about storage, access, and protection? To put it bluntly: the responsibility of protecting data lies in the hands of the data owner. But not to worry, there’s really nothing to it; just keep in mind these four aspects of security: physical access, access rights, encryption, and backups. We’ll take a closer look at each aspect below.
Ensure Physical Security
This is not an area of concern for our clients. All of our data centers are equipped with security systems, access control and monitoring, and video surveillance. You can find a detailed description of this on our official site with photos and videos. We pay special attention to ensure fault tolerance. We also offer cages to clients who require increased security. These cages are fully isolated and cannot be accessed by anyone, including our engineers, other than the actual client.
Manage Access Privileges
A client can and must set up and limit access to data according to an organization’s internal regulations, especially if the data is confidential or important. When leasing a server to a client, we set the administrator / root password and advise the client change it immediately. The job of managing privileges to servers and our control panel is the client’s obligation. Here are some typical errors made when defining access rights:
- Registering the organization under an employee account instead of registering as a legal entity. The consequence: loss of access to the account and data when the employee is unavailable (sick days, business trips, quit, etc.).
- Granting full access to someone other than system administrators (programmers, users, etc.). The consequence: accidental deletion of data, corrupt server configurations, and other problems which may cause unexpected service unavailability.
Corporate clients should pay special attention to that last point: nobody knows the company’s administrative structure or can set the appropriate privileges better than the administrators.
Client and corporate data leaks are extremely troublesome and could mean a big red X for the future development of a company. The risk of leaks can be minimized by encrypting data during transfer and storage. Secure connections, specifically SSL, TLS, and IPsec protocols (among others), are used to encrypt data transfers. If a project assumes that remote computers or mobile devices will be connecting to a server containing confidential data, then the optimal solution is a VPN connection with high-security encryption on all traffic. This kind of connection can be set up using a hardware firewall or special software on one of the servers. In our data centers, client data is effectively isolated at the network level: each client is provided a separate VLAN and an isolated local network can also be organized. Also, anti-spoofing filters are used on all virtual servers.
Encrypting data on a disk isn’t as critical since we guarantee limited physical access to servers and disks. Nevertheless, we have no restrictions on the tools a client can use to encrypt their saved data. When leasing a used server to another client, all information stored on the hard drives are destroyed according to our internal regulations.
Regularly making backups guarantees the integrity of your data. However, it seems that most people only think of this in hindsight. There are lots of ways to create data backups, and our Cloud Storage is a perfect place to host them. We also insist on using a fault-tolerant RAID. By using a RAID, you avoid total crash if one or several disks fail.
In our experience, we’ve seen that if a person keeps these things in mind, they spend their time developing their business and don’t waste it dealing with errors and tech support. I’d also like to mention that our specialists are always happy to answer any technical questions and help with any administrative services.