Q: One of my customers is reluctant to store their data in the cloud because they’re afraid it’s less secure than an on-premise storage option. As their managed service provider, I know that cloud storage is the best option for their business, but how can I convince my customer that the cloud is safe? What steps should I take to make them feel comfortable storing their data in the cloud?
It’s no surprise to people in the IT channel that small businesses struggle to understand the cloud and how it works. Due to this lack of understanding, some small business owners think the cloud is an unsafe place to store their business-critical data, so they prove to be stubborn customers for the IT service providers working with them. These SMBs need clear and convincing evidence to change their opinions about the cloud. As their managed IT provider, you can educate them on the benefits of the cloud and show them that storing data in the cloud really is the safest option for their business.
When we got your question, we knew who we needed to talk to about cloud security. So we sat down with Chris Crellin, security expert and senior director of product management at Intronis MSP Solutions, to get his take on why the cloud is the more secure option for data storage. Here are the three key advantages to cloud storage that Chris suggests MSPs share with any nervous customers:
When I think about data storage options and security, the first thing that comes to mind is data encryption. The most effective way to ensure data security, this technology prevents outside parties from accessing or reading sensitive corporate information. So, small businesses would want to encrypt customer relationship management (CRM) information, billing information, and other private details that their business wouldn’t want shared with the public.
Cloud storage providers use sophisticated encryption technology which is stronger data encryption than on-premise storage options. Small business owners simply don’t have the time to figure out how to encrypt their critical data. Using the cloud, managed service providers can easily choose a cloud backup vendor that offers strong encryption for data in transit and at rest in the cloud. That way, small businesses can rest easy knowing their data is fully protected—without any extra work on their part.
Another important distinction between on-premise and off-site storage is redundancy. With on-premise backup, there is only one backup copy of the business’ files and folders, and that copy can easily be lost or corrupted by human error, a site outage, or an equipment failure.
On the other hand, cloud storage offers businesses redundant storage by storing a duplicate copy of critical data in another location. So, if a small business’ computer system were to be destroyed by a flood or fire, their MSP could restore their data from another server used by their cloud service provider.
Cloud providers also typically store data in two data centers that are geographically dispersed. For example, Intronis has data centers in Boston and Los Angeles. That way if an outage affects one of the data centers, the cloud provider can still easily restore data as needed from the unaffected data center.
It’s also important to note that these data centers usually have physical security measures in place to protect the facilities. For example, some cloud providers protect their data centers with fire control systems, biometric controlled access, backup generators, redundant connections to the Internet, and 24/7 monitoring by guards.
When small businesses only store their data locally, they aren’t meeting the requirements of many industry compliance regulations. For example, HIPAA (Health Insurance Portability and and Accountability Act) requires healthcare businesses and their business associates (such as managed service providers) to have certain security measures in place to protect critical data. Cloud backup providers that are already HIPAA certified can help their MSP partners stay compliant more easily by having the appropriate safeguards in place.
It’s also important to keep SOX compliance and Safe Harbor compliance in mind when storing data in the cloud. Cloud companies need to follow these even more stringent compliance regulations which define which business records should be stored and for how long and sets permissions on gathering and sharing personal data. Satisfying these compliance regulations will assure your customers that their data is protected in the cloud.
As an MSP, ask your cloud provider if they satisfy HIPAA requirements and any other pertinent regulations to your customers’ industries. Most cloud providers have been vetted for these types of compliance regulations and are certified compliant or at least state that they are compliant.
With Chris’ insights, you’ll be prepared to talk with your customer about cloud security and show them how encryption, redundancy, and compliance make the cloud a more secure storage option. Think of the conversation as educational and informative with the goal of making sure the customer truly understands the cloud instead of focusing on what you can sell them. This will help you to convince your nervous customer and position your MSP business as a trusted business advisor.
To learn more about cloud security, visit the Intronis Cybersecurity Resource Center.
Ask an MSP Expert is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between.