White Paper - Thought Leadership - SaaS - Nick Mears - Columbus - Ohio


The benefits of a well-designed and well-maintained cloud-based solution are many (no maintenance or local backups required; disaster preparedness & business continuity; 24/7 anytime, anywhere access), but there is a lot of confusion regarding the differences between vendors’ cloud-based solutions. Although all promise disaster preparedness and business continuity benefits for your office, can all cloud-based solutions reliably and securely do what they promise?

Not All Cloud-based Solutions Are Created Equal

Remember, every cloud-based solution resides on an actual network of server(s) located inside actual physical structures. So the real question is, what levels of structural, database and internet security does each cloud-based solution offer?

As a guide for exploring these differences, we recommend looking at three main areas:

Checklist: Comparing Clouds

cottsystems.com

Data Center – Tier level, physical structure, uptime, redundancy & security

Data Transmission – Via internet (security & availability)

Data Store – Security, redundancy, performance

We also created a checklist of questions/topics to ask for each of the three main areas.


Data Center – security of the physical structure that is holding the Cloud

Data Store – security of data in the Cloud

Data Transmission – reliability and security of data sent to and from the Cloud

o Tier Level – is it Tier IV compliant? (This is a benchmark ranking of data centers based on uptime, with Tier I being the lowest, and Tier IV being the highest)

o Purpose-built Facility – does it share space with any other business? Was it built solely for datacenter purposes?

o Above geographic flood plain – is it built above a geographic floodplain?

o Rich Network Access – Is it carrier-neutral? Does it offer multiple carrier POPs?

o Physical Structure – Is it a 911 Facility? Has it been built to Miami Dade County hurricane standards? Is it a “hardened facility” with cement-embedded walls? Does it have dual roofs (one under the other)?

o Redundant Infrastructure? - Is it 2(N+1)? Meaning, does it have not just one emergency system, but 2 (two) fully independent emergency systems for power, cooling & network plus a 3rd backup for the first two backups?

o Emergency Power – is it capable of generating its own power for 14 days without refueling?

o Security – does it have 24/7 on-site security, redundant FOB access, PIN & biometric screenings, full CCTV (closed circuit) surveillance with recorded video?

o Hosted Team – Is there a dedicated team of full-time hosted administrators?

o Firewalls – are there Active Passive firewalls (actual, physical hardware with built-in software that physically protects data from the internet)?

o Active Passive SQL Database Servers

o Monitored Security Logs – with IDS (Intrusion Detection System with auto alerts)

o Multiple Backups of the Data – Does it have 1 Original + not one, but multiple backups of images?

o Multiple Network Feeds – are there multiple network feeds to each server?

o Redundant Network Cards

o Active Passive Smart Load Balancing NIC (network interface card) - for server systems

o Key Performance Metrics – is a team constantly monitoring the entire system for hardware, service failures, low disk space, high CPU utilization, service status, etc.?

o Dedicated & redundant application servers – is there uncompromised performance even if a server goes down (should have multiple servers and server backups)?

o DMZ - does it have a “demilitarized zone” that protects the internal network from external internet?

o Multiple ISPs – are there multiple ISPs (Internet Service Providers) being piped into the datacenter?

o Financial Grade Encryption – does it use financial grade encryption?

o SSL/TLS encryption – does it have Secure Sockets Layer / Transport Layer Security?

o STA encryption – does it use STA encryption?

o System/Application Authentication
