Is Your Data Safe in the Cloud?
Where, exactly, is this cloud thing? That's often the first question we get asked about the cloud. The answer is pretty simple. It's a computer at a professional data storage center that allows you to access your data through the internet---nothing to do with clouds.
The second question is about data security. And the answer to that may surprise you.
It's a Control issue. We tend to think that our data is more secure on our own computer in our own office. But that's because we are really thinking about control instead of security. A Forbes article from a couple of years ago pointed out that this is why some people are afraid of flying---because they're not in control on an airplane. When you're driving your car, you are in control but, when you get on a plane, you surrender control to the pilot. And that makes us feel less safe. We worry less about driving than flying even though statistics show that we're much more likely to be in a car crash than an airplane crash.
That same thinking makes us feel that our data is safer under our control. Consider the professional data center like the experienced airplane pilot. They are well trained, and they have backup systems and contingency plans for any problem they might encounter. They know the implications of a crash on their business' bottom line. Keeping your data safe is their only business so they cover all their bases including a fully trained staff, restricted access to the premises, backup generators, and buildings that can withstand extreme weather.
The bottom line is that professional data centers can and will invest far more resources into keeping your data safe than you can. Your business is storage. Their business is data security. And the safety of your data will make or break them.
Credit Card Security. The same rule applies to credit card data. The number one reason behind cardholder data security compromises is the inability of merchants to protect their customer's stored credit card data. Most companies that experience a data breach have failed to protect sensitive information. The Payment Card Industry Data Security Standards (PCI DSS) are designed to help you better protect that data. They require, among other things, a firewall, anti-virus software, secure passwords that are changed often for all users, access on a need-to-know basis only, tracking and monitoring all user access, restricted physical access to card data, regularly testing of security systems, and so on. All this requires a lot of time and effort and you could get fined or lose your merchant account if these rules are not followed.
Get it out of your office so it's not there to steal. The easiest and safest way to reduce your liability in this area is to store your credit card data with the professionals. Data thieves can't steal what you don't possess. We chose Element Payment Services as our credit card partner because they offer off-site storage on their Level One servers as well as point-to-point encryption. They are actually a member of the Payment Card Industry Security Standards Council so you can be sure they know what they're doing.
Automatic monthly payments are not a problem with Element's tokenization technology. They store the cardholder data; we store a token that Element gives us as the id for that card. When it's time to make the charge we simply send the token and amount to Element. They use the cardholder data stored on their server to submit the charge.