mylia.uk   +44 191 580 2959

 

 

What should you consider when selecting a cloud provider?

security questions

 

How will your data be protected? 

Everyone should ask these questions before putting any data into the cloud, especially their business data. 

Data held in the European Union is protected. However, there is currently a great deal of ambiguity over how well this data is protected if the provider is based outside the E.U.

 

This gets even more complicated if the provider uses a third party to provide part of their infrastructure. Legislation in the U.S. compels companies to hand over data held on servers on demand, without going through normal channels. For example, your cloud solution provider could use a third party such as Microsoft or Amazon to provide their infrastructure. These third parties can be compelled to hand over your data without informing you or the cloud solution provider, and without following the normal legal process required in the U.K.

 

Sound scary? Read more:

Microsoft vs the long arm of the law (TheRegister.co.uk)

 

The questions we recommend customers ask before selecting a cloud solution, along with our answers, follow.

 

1.) Where will my data be held? Is it within the E.U.? Could any infrastructure provider they use be forced by their local laws to hand over your data (for example, under the U.S. Patriot Act)?

mylia holds your data on servers within the E.U. All data is stored within an encrypted database which our infrastructure provider has no access to. Our infrastructure provider has their global headquarters in France. In any case, our infrastructure provider cannot access any of our servers, nor do they have the ability to decrypt our database.

 

 

 

 

 

2.) Will my data be encrypted?  Are the backups encrypted?  Is tenant level encryption used?

Tenant level encryption is a relatively new term. When data is "encrypted" it is secured using a key (imagine a very long and random password). If someone has the key they can access the data. Many cloud providers do encrypt their customers' data, but using a single key. If this key is compromised, a hacker would be able to decrypt everyone's data. mylia performs a full and complete backup each evening to a remote location. The backed up data has the same security provisions in place as the live database.

 

mylia stores your data using strong encryption. All backups are of the encrypted database and are at no point decrypted during the backup or restore process.

We use tenant level security: each customer has a unique encryption key, held securely within a special system we have named the vault. The vault will only release a key once it is certain the user is allowed to access the data. Should any customer key be compromised, no other customer would be affected. Should our database ever be compromised, we are happy it is encrypted to such a degree that it would be effectively useless.
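The per-tenant key model described above can be sketched as follows. This is an added example, not mylia's code: the `Vault` class, its membership check, the tenant and user names, and the choice of AES-256-GCM from the third-party `cryptography` package are all assumptions made for illustration.

```python
import secrets

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class Vault:
    """Hypothetical vault: one 256-bit key per tenant, released only to that tenant's users."""

    def __init__(self):
        self._keys = {}     # tenant_id -> key bytes
        self._members = {}  # user_id -> tenant_id

    def add_tenant(self, tenant_id):
        self._keys[tenant_id] = AESGCM.generate_key(bit_length=256)

    def add_user(self, user_id, tenant_id):
        self._members[user_id] = tenant_id

    def release_key(self, user_id, tenant_id):
        # Release a key only when the (already authenticated) user belongs to the tenant.
        if self._members.get(user_id) != tenant_id:
            raise PermissionError(f"{user_id} may not access {tenant_id}")
        return self._keys[tenant_id]


def encrypt_record(vault, user_id, tenant_id, plaintext):
    key = vault.release_key(user_id, tenant_id)
    nonce = secrets.token_bytes(12)
    # The tenant id is bound in as associated data, so a record cannot be replayed
    # under another tenant's identifier.
    return nonce + AESGCM(key).encrypt(nonce, plaintext, tenant_id.encode())


def decrypt_record(vault, user_id, tenant_id, blob):
    key = vault.release_key(user_id, tenant_id)
    return AESGCM(key).decrypt(blob[:12], blob[12:], tenant_id.encode())


def decrypt_with_raw_key(key, tenant_id, blob):
    """Models a leaked key used outside the vault; returns None when it does not fit."""
    try:
        return AESGCM(key).decrypt(blob[:12], blob[12:], tenant_id.encode())
    except InvalidTag:
        return None
```

A key taken from one tenant decrypts only that tenant's records; every other tenant's ciphertext fails authentication under it.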

When you access mylia, mylia checks you have a secure (https) connection. If you do not, mylia will create one. Once logged in, mylia always uses a secure https connection and will refuse to send data over an insecure connection.

 

We have implemented many levels of security to protect your data.  For obvious reasons we do not wish to discuss all of them on the public internet.  If you still have concerns please get in touch.

 

 

 

 

3.) How can I remove my data from your cloud?   What if I wish to leave or perform my own backup?

mylia allows you to export your data to Microsoft Excel format.  You can do this on demand, as often as you wish, as long as you have an active subscription.

Once a subscription expires we hold the data for a period of months in case you decide to come back, after which we will delete it.

If you would like to close your account and have us delete all of your data immediately, please get in touch; we're happy to help. mylia complies with the UK Data Protection Act and will not store your data for longer than is necessary.

 

 

 

 

4.) Do you support two factor authentication?

This allows two pieces of data to be used to validate a person signing in, for example a password and a PIN sent by SMS to a mobile number.

 

We know your business data is important to you.

mylia uses standard username and password authentication. However, during sign-up we verify that we have a valid mobile number for the user. We then use this to validate potentially dangerous requests.

 

For example, if a user's email is compromised, a hacker could then request a password reset on most websites. This would be sent to the user's email address, allowing the hacker to change the user's password for the website.

 

mylia will use two factor authentication in this situation. We will send the password reset email, but also a PIN to the user's mobile. This means we can be sure that the person requesting the password reset has access to both the user's email and mobile telephone.
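A reset flow of this shape, where the emailed token and the texted PIN must both be presented, can be sketched as below. This is an added example, not mylia's code: the `ResetService` name, the 15-minute validity window, the three-attempt limit and the `send_email`/`send_sms` callbacks are assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed validity window
MAX_PIN_ATTEMPTS = 3         # assumed limit; a 6-digit PIN is only safe if guesses are capped


def _digest(value):
    return hashlib.sha256(value.encode()).digest()


class ResetService:
    """Hypothetical service: a reset succeeds only with the email token AND the SMS PIN."""

    def __init__(self, send_email, send_sms, clock=time.time):
        self._send_email, self._send_sms, self._clock = send_email, send_sms, clock
        self._pending = {}  # user -> token digest, PIN digest, expiry, attempt count

    def request_reset(self, user, email, mobile):
        token = secrets.token_urlsafe(32)
        pin = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = {
            "token": _digest(token),
            "pin": _digest(pin),
            "expires": self._clock() + RESET_TTL_SECONDS,
            "attempts": 0,
        }
        # The two secrets travel over separate channels and are never sent together.
        self._send_email(email, token)
        self._send_sms(mobile, pin)

    def confirm_reset(self, user, token, pin):
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_PIN_ATTEMPTS:
            del self._pending[user]  # expired or locked out: a fresh request is required
            return False
        entry["attempts"] += 1
        # Compare both factors in constant time and do not reveal which one was wrong.
        token_ok = hmac.compare_digest(entry["token"], _digest(token))
        pin_ok = hmac.compare_digest(entry["pin"], _digest(pin))
        if token_ok and pin_ok:
            del self._pending[user]  # single use
            return True
        return False
```

Someone who controls only the mailbox holds the token but must guess the PIN, and the attempt cap invalidates the request after three wrong guesses.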

 

 

 

 

5.) Will my credit card details be kept secure?

mylia uses a trusted third party to process payments. Our servers and staff never see your payment information. All payments are currently handled through PayPal. We will never ask you for your card details. mylia directs you to the PayPal payment gateway to make a payment. The payment is then transferred to our account.

We never know your payment details.