What is ISO 27001, and Why Does it Matter?

JPEG image-8F3E09CED782-1Many businesses fear security breaches and the consequences of hacks. And it’s true to say that small businesses are never immune from this threat. Cloud adoption has long been stalled by security-conscious businesses that see the cloud as a potential threat to their information.

In 2009, 68 per cent of European CIOs surveyed said that security fears were preventing cloud adoption. In 2015, security was still thought to be the single biggest barrier that was stopping businesses migrating to the cloud.

But some of these fears are based on misconceptions. In the financial services industry, and a lot of problems can be solved using risk assessments. 71 per cent of businesses now use some kind of cloud technology; the key is to be smart in the way you plan your migration and choose your provider.

Why ISO 27001 matters

ISO 27001 is an information security standard. Its sets out the minimum requirements for an organisation’s Information Security Management System (ITSM) to make sure that the organisation has a formal commitment in place. ISO 27001 covers the operation, monitoring and maintenance of information security management, ensuring staff and policies are committed to safeguarding data.

Data centres that are awarded ISO 27001 accreditation have been externally and independently audited to ensure they comply with these stringent rules. The key thing to remember is that an ISO 27001 facility has assessed risk, and put measures in place to manage it. For example, there’s a risk in storing data in the cloud, but the organisation will have evaluated this and put measures in place to manage that risk.

When you look for a cloud provider, you should ascertain whether its data centre is ISO 27001 certified, and you should check out its security policy carefully. But there’s more to check before you sign up.

What about data centre location?

The great thing about the cloud is that it’s geographically diverse; data is stored in more than one location. For businesses, this poses a new question. If data is stored in different countries, which country’s laws will protect my assets?

A few years ago, there was a great deal of fuss about the Patriot Act, a US law that allows US authorities to comb through any data within its geographical boundaries. In truth, many governments have similar laws, and data cannot be completely ring fenced, but there’s still some confusion among businesses who aren’t sure where their data should be stored. The EU has its own set of problems, with security protocols being jumbled and difficult to understand.

The safest approach is to select a provider with a data centre in the UK. You must make sure that all of your data stays in the UK, and the business does not have any operations in the USA, to avoid the potential complication of US involvement. By selecting a provider with a UK data centre, and ISO 27001 accreditation, you can move to the cloud with confidence and keep your data completely secure.

Just How Secure is Your Cloud Data?

When we think about IT security, we tend to assume that anything private should be stored on our own computer. The idea of putting a private document onto someone else’s machine seems like madness, particularly in an ever-connected world.

This instinctual reluctance to move data around has made some companies wary of the cloud. But the truth is that many cloud services are more secure than the on premise solutions we’ve used in the past.

So what goes in to securing your data in the cloud?

ISO/IEC 27001 Compliance

ISO/IEC 27001 is the international standard for security management, and it’s a standard that we comply with. Using this framework, we ensure that third party data and sensitive information is handled appropriately.

Compliance with ISO/IEC 27001 is not guaranteed among cloud service providers. But we believe that it’s an essential part of keeping your data secure. When you compare us with the competition, check to see if they have certification.

Super Encryption

When we store your data on our servers, we encrypt it. Using a special key – a string of characters – an algorithm scrambles the data, and the key is required to restore it. By protecting the key, we prevent unauthorised access.

Encryption keys are incredibly secure. A 128-bit encryption key would take millions of years to break, even if you used a computer. Consider this: our online backup uses 256-bit encryption, and our Hosted Lync and MyOwnCloud services use 2048-bit encryption. You’d need billions of years to crack either.

Location of Data

All Cloud4 customers benefit from UK-based storage for their data. This is critical, since laws on data access vary around the world. When your data is kept in the UK, you benefit from the very best in speeds, but also know that your data is stored according to local laws.

Our datacentres are located in Manchester and London, and we access is completely locked down. Only authorised security staff and technical teams can ever get into the building without a vetted escort, and we have state of the art fire suppression systems ready to kick in if there’s a disaster.

Our support team is all located in the UK, too, and we’re available 24/7/365. If you have any security concerns, we’re always here to help you.

Email and Desktop Security

To prevent system infection, and ensure your data never gets compromised, our hosted products use all of the security software you’d expect. That includes anti-virus software, anti-malware scanners, firewalls and identity verification. We do all this while allowing convenient access to your data from any location. If you use the cloud to share and collaborate, you won’t be prevented from doing anything you need to do, yet any unauthorised users will be locked out firmly and permanently.

Test Drive the Cloud

High profile hacks always grab headlines, but the cloud is inherently very secure. We don’t use weak passwords, and we don’t leave your data in the hands of fate. Instead, we used tried and tested, military grade security using the very latest technology and techniques.