Image showing light in the clouds

How is Cloud More Secure than On-Premises

Stakeholders at SMEs and Corporates often cite Security and Privacy as reasons for not moving their software to the Cloud. This is a reasonable concern given several high-profile hacking incidents in recent memory. This article, however, aims to show how storing documents in the Cloud is safer than storing them on a server at your office.

Let’s think about what Security and Privacy mean. There are 3 aspects to this:
  • Documents should not be seen by unauthorised persons
  • Documents should not be lost
  • Documents should not be tampered with
Let’s now delve into each of these 3 points and see what is required to secure your documents.
  • Documents should not be seen by unauthorised persons
    • When a document is being transferred from the Author’s computer to the Storage location, it should be encrypted so that no one can snoop upon its contents.
    • When a document is in storage on a server, it should be encrypted so that if a 3rd party gets unauthorised access to the server, they cannot view the document’s contents. This is called “Encryption at Rest”.
    • Server administrators use a back-end access point to access the server and perform various management tasks. This access point should be secure. E.g. SSH access should be limited by RSA-2 encrypted public and private keys in addition to a password.
    • Authorised users of the system should only see documents they have access to. There should be comprehensive and easy-to-use access control mechanisms within the software it self.
  • Documents should not be lost
    • All the above requirements apply here as well. Preventing unauthorised access is the first step to ensuring that vital documents are not deleted by a person with malicious intent.
    • Live Mirroring works by continuously creating an identical copy of the database and content on a different physical server, sometimes on a different continent. In addition to improving speed of access from different countries, this provides a layer of redundancy. If a natural disaster hits one server, then the data is still available on the other server on a different continent.
    • Daily Backups ought to be taken – all the documents and metadata are saved offline on a separate server. This provides an additional layer of redundancy, in case of a catastrophe.
    • The application itself should have a “Trashcan” or “Recycle Bin” from which users can restore documents, in case they delete documents inadvertently.
  • Documents should not be tampered with
    • Once again all the requirements of security listed above apply here. If unauthorised access is blocked, then chances of tampering reduce.
    • The DMS system should allow for documents to be frozen or declared as records – after which the document cannot be modified.
    • A full audit trail should be maintained that can be used to see who modified a document when.
    • Digital Signatures can be used – which get invalidated if a previously signed document is tampered with.
Can your office server or your in-house data center provide all the above features? Implementing such features using on-premises hardware can be expensive and sometimes impossible for small companies with no international footprint (how will you host your data in India but keep a backup in Amsterdam, just in case?). In addition, the cost of maintaining an IT security team to manage the hardware and software can also be prohibitive for smaller companies.

EisenVault’s Cloud Based DMS does provide the above features. We use cutting edge cloud storage services from companies such as Google and IBM. We are talking about infrastructure environment that is designed and managed to the specifications of some of the world’s most security-sensitive organisations. You can rest easy knowing your documents are in safe hands.