Grace Information Management Blog

Make no mistake, when considering web-based storage for your records, the security is not just about technology, it is also about the bricks and mortar.

Whenever we hear or read about data centres and web storage, security is usually an issue which is discussed but it is mostly about the technology aspect. Whether data is encrypted, the access to the records, firewalls and more. What we don’t often see is any discussion about the premises or the people at the data centre, and these are just as important.

Any facility which houses the infrastructure for web-based storage must be secure and include environmental safeguards.

Grace Information & Records Management (GIRM) facilities are protected by electronic intruder detection systems with back-to-base alarms
under 24-hour surveillance monitoring.

The facilities operate Very Early Smoke Detection Apparatus (VESDA) in accordance with AS 1670. The facilities are constructed with quality materials and incorporate extensive fire-protection systems in accordance with BCA 96 (Construction) and AS 2118 (Fire Suppression). All buildings are equipped with sprinkler systems and fire doors to ensure correct fire-prevention policies are maintained, with sophisticated fire alarms linked to local fire brigade units.

All GIRM personnel have current security clearances, sign a confidentiality agreement and their references are stringently checked. Access to the facilities is restricted to authorised personnel only, using swipe cards to gain access.

With the premises and personnel considered, let’s turn our attention to the technology. First, know that access to data is by secure login credentials for each individual so that access is logged and reportable.

All servers must be protected with firewalls and protected against viruses, malware, trojans – all the usual suspects – with appropriate alerts for any unauthorised access attempts.

Data being transmitted should be encrypted at both ends. When data is downloaded to any storage device, they should also be secured with login requirements and encryption.

GIRM has implemented a three-tier security system manages which manages access to projects, determines what a user can do and controls access to individual documents. With 24-hour monitoring, all attempts to log into the data repository are recorded, complete with date, time and action, so you know who is logging on, when, where and why.

The onus to maintain security is not only that of your provider. It is a two-way street. At the client end, security must also be taken seriously. The main area where all personnel should be diligent is with login credentials. Passwords must be “strong”, they must be unique i.e. don’t reuse them, they must be changed regularly and they must not, under any circumstances, be shared.

Generally, web-based storage is more secure as this is core business for the providers and their reputation would be adversely
affected if their security provisions were breached. Do your research, ask a lot of questions and get references, it is worth doing extensive homework that will then allow you to recap the benefits of web-based storage.