Promoted by Palace
How can you as a user safeguard your precious data in the Cloud if even the software engineers that you rely on don’t know where it is?
A few years back, I had a very serious conversation with a client who wanted to confirm that the data we were holding was actually in a ‘Cloud’... in the sky. I had to inform her that in fact all ‘Cloud Based’ data is stored in data centres throughout the world and ‘The Cloud’ is just an abstract term used to shorten conversations between technical and non-technical people of the world.
User: “Dude, where is my data?”
Techie: “In the cloud.”
The fact is even the most ‘technical’ individuals (including myself) cannot point to a physical computer or storage device and say with any kind of confidence that their data is stored on it (if the data is considered to be stored in ‘The Cloud’). This is due to the fact that most software engineers use certain providers to supply them with ‘Cloud Services and Storage’. To give you an example, our company Palace uses Azure (A cloud service provided by Microsoft). They offer all sorts of amazing solutions and storage options and even ask me which city in the world I would like those services to be hosted in… but that is it! So the closest I can get to knowing exactly where my data is, is a pin on a map. Doesn’t sound very safe and secure does it?
You may be surprised to know that modern cloud services can be extremely secure… or not at all secure… depending on how it’s implemented. So how can you as a user safeguard your precious data if even the software engineers that you rely on don’t know where it is? It’s all about asking the right questions to the right people, and if you're up for it, doing a little research yourself.
Backup, Backup, Backup…
There is a common misconception that data stored in ‘The Cloud’ is backed up automatically. This is often true of application providers (e.g. Google Suite, Outlook 365 or Palace) as they are obligated to provide a full service solution and make sure the infrastructure is robust enough to handle hardware, software and security faults causing data loss.
However, if your Property Management company has contracted work to be done on your behalf to build your custom solution in the cloud or if you can’t find any backup information about an existing solution, the backup process may not be included in the end product (especially if you’ve focussed on keeping costs low and the backup option hasn’t been discussed). So, great questions to ask are:
- Is the product and data backed up?
- Where is the backup located? (Many cloud services offer something called geo-replication allowing you to mirror your data in different cities or countries. This can be a great way to ensure continuity of services and data in case of a disaster). However, simply having a regular backup located somewhere other than where the service is hosted is a good start.
- What is the retention on the backups? (i.e. how many copies and over what period of time you may need to restore data back too) And is it appropriate for the type of data you are storing? This can affect your costs, so make sure you choose the right retention for you. If you’re storing data that does not change a lot over time (e.g. photos, signed agreements, etc.) you most likely do not need long term retention as your latest backup will contain all the files required. If you’re talking about databases that change constantly over time with use, then your retention will need to be a lot more flexible.
- Can the ‘Disaster Recovery Plan’ be tested? A lot of data centres recommend you perform a test of your ‘Disaster Recovery Plan’. This usually involves bringing services and data online through a restore or mirroring service to a different location or platform. This is really useful to get an idea of how long services and data will be offline during a disaster and making sure that all data is recovered as expected. If you use your own backup service, you can most likely test this yourself.
Security is a complex area for both users and techies alike. There are however some pretty basic things you can check to start off with:
- If you’ve asked a contractor or company to build a website for you (or are using a website on a regular basis) that requires user interaction or feedback, the first thing you may want to check is how secure that interaction is. All modern day browsers will display a small lock next to the site address at the top which looks like this:
Or they will tell you if a site is ‘Not Secure’:
In simple terms this means that communication between your browser and the hosted site is either secure (via updated encryption) or not (either outdated or no encryption is implemented). You can query this with those hosting the site to decide on actions to take. It is now common practice to expect ALL sites to be encrypted in this manner regardless of how the site is used (simply ask your web host provider for an ‘SSL Certificate’).
- If you have a ‘Login’ process which allows your users to set up an account, simply test the process (and get a friend to do this for you as well). Make sure the areas and data they have access to is appropriate for the accounts created.
Of course, security is far more than what users will see or have access to in a browser. Although you can ensure a site is secure (as above), it’s not always easy to know how secure the data is behind that site. This could include access to a database, storage service or external API (outside data source). Whatever it is, the implementation of these services is often critical to the security of your data. Unfortunately, it is also extremely difficult for those with limited technical knowledge to know the security risks these solutions pose. However, again, there are some pathways to peace of mind:
- Simply asking those implementing your solution to talk you through the security of the data you’re storing (in layman’s terms) should enlighten you significantly. Often, when asked directly it will ensure the appropriate security measures are talked through and implemented. It will also often prompt those implementing the product to take another look to confirm everything is as they say it is.
- If you’re still not sure or want that extra security you could engage an independent 3rd party. There are many companies that can perform security and penetration tests on your services (just google ‘Penetration Testing’). They can even be hired to plan an attack on your sites and related solutions to hunt down vulnerabilities that have been missed. If you’ve got the budget, this is a great option to take. NOTE: Always make sure that all those involved in the site management (and users) know about this test otherwise it can lead to some uncomfortable conversations.
So, at the end of the day, no matter how technologically inclined you are, there are always steps for you to take to ensure your data is safe. Just like when you visit a doctor, you can always get a second opinion.
Duncan Abbott, CTO of Palace, Property Management Software.
About Palace - Property Management Software
This cloud security information was brought to you by Palace. Palace brings you web-based property management software that helps you to work smarter, not harder. Gather an up-to-date analysis with KPI reports, graphs and comparisons, so that you can focus on growing your rent roll.
Trust Accounting, Key Management, Online Document Storage, Invoice Barcode Scanning and our intuitive Inspection App help you to make the most of your day, whilst our seamless mail-merge functionality saves you time on communication.
Keep your skills up to date with regular training and weekly webinars. Discover the property management software that skyrockets efficiency, eliminates admin headaches and comes with world-class support.
See what Palace can do for you.