Cloud Security image

MYTH OR FACT: Is Cloud Security “Built In?”

Too often, businesses using a cloud service assume that because it’s in the cloud, their data is automatically backed up and secure. As a managed service provider, we see companies all the time that believed this myth, finding out only after a cyber attack or other disaster that their data wasn’t protected. 

The confusion comes about because cloud systems are better for overall cyber security (FACT), but it’s not because they are automatically backed up (MYTH). If you haven’t specifically purchased backup services for your cloud data, you most likely have no backups at all.

FACT: Cloud Services Are Better for Cyber Security

Notice this heading didn’t say the cloud services provide cyber security. Data in the cloud is not inherently safe just because it is in the cloud. What makes the cloud a more secure choice is the flexibility you have to configure your cloud, including to create redundant backups. 

Data that is in the cloud is physically removed from your primary data so floods, fires or other events that impact your primary data won’t wipe out your backups too. That’s what can happen with on-premises backups. And because you only need to pay for the space you use, you can quickly scale to meet your needs.

MYTH: Security Is “Built In” to the Cloud

When you migrate to a cloud solution, you are buying the primary storage itself, not automatic and redundant data backups. Such data backup and recovery usually requires a third-party tool like Backupify. The cost of these third-party solutions is typically just a few dollars per user per day and is an important investment in your business continuity.

Without backups, your data is completely exposed whether your data is in a public, private or hybrid cloud solution. Make sure your cloud data is not only backed up, but  is also being monitored and managed correctly. That is where an experienced managed service provider (MSP) can help.

If you are already working with Aeko Technologies … no worries. We’ve got you covered. 

Looking for an IT expert? Try our free Choose IT Support Checklist

Types of Cloud Services

Here’s a brief explanation of the three types of cloud services:

  • Public cloud services. Think of these like a filing cabinet. They give you space (a drawer) that belongs only to your company but you are on a server (the cabinet) where other companies also have designated “drawers.” Your drawer is securely locked and the key to your drawer cannot unlock any of the others and vice versa.
  • Private cloud services. As the name implies, private cloud servers are not shared in any way shape or form. The whole “cabinet” is yours and yours alone. The caveat is that private cloud services are usually much more expensive than public cloud services.
  • Hybrid cloud services. This mix of public and private services is what many companies find to be the best of both worlds. Extremely sensitive data is kept on a private cloud while the day-to-day routine  info is on a public cloud.  If you need data storage for sensitive data but not all data, this is the most cost-effective cloud storage option. 

Cloud Service and Backup Agreements

If you have already migrated your data to the cloud, review your cloud service agreement (that long, legal form you clicked “agree” to in order to purchase the product but didn’t really read word for word) to find out if your cloud services include backups or not.  

Pay attention not only to if backups are included but also:

  • When they’re run (how many times per day and what times).
  • Where they’re stored (single location, redundant locations, public/private/hybrid cloud).
  • How long the data is stored.

Even if the agreement includes backups, they might not be the frequency you need for your particular business or stored in a way that is compliant with your industry regulations. 

Whether your backups are provided as part of your cloud services agreement or by a third-party provider, these settings should be configurable to meet the needs of your business. Take the time to review these with an IT support expert who can help you make sure it is set up correctly.

Compliance Issues With Cloud Services

If you do business with a government entity, simply having a private cloud might not be enough.  You might need to be on FedRamp ( Federal Risk Authorization Program) which is a specific government-controlled cloud service.

Just because you have Microsoft Azure doesn’t mean you are in the FedRamp cloud. Microsoft Azure has both FedRamp and non-FedRamp cloud servers. It is important that companies understand what they have and what they need.

So, is your head spinning yet?  We can help. As a managed services provider, we have experience helping businesses like yours choose cloud solutions, including configuring cloud storage securely and keeping it protected over time. Contact us or book a meeting for a quick consultation on how we can help.

Are you aware of the most common cyberattack methods?

Did you know there are over 3.4 billion phishing emails sent every day? Phishing and other cybercriminal behavior are a lot more common than you’d think.

Our free “Phishing, Smishing, Vishing, Pharming? A Cyberattacks Guide” will inform you about cyberattack methods and give you the latest in data security tips. 

Phishing Smishing Vishing Pharming Download Promo

Download Now


Brian Rodgers

Before Brian founded Aeko in 2016, he oversaw large teams as an IT executive within the oil and gas industry, leading the technology infrastructure that helped that company grow to an S&P 500 company. He is passionate about bringing those same strategies to small and midsize businesses, enabling them to scale their services and adapt more quickly to market changes.