If you’re like other laser-scanning professionals, most of the assets you capture are private or protected under confidentiality agreements. And that means you need to secure the points clouds and 3D models just as well as your customers secure the sites themselves. If this detailed 3D data fell into the wrong hands, that could be disastrous for your customers and your business alike.
But your specialty is capturing and processing 3D data sets, and you’re not a data-security expert. So how can you keep your point clouds secure?
Why you should consider a cloud solution
You might think that using on-premise servers for storage is the best way to secure your data. It might surprise you to learn that this approach involves big security risks, and that cloud storage might just be the safer way to go.
Threat detection
Let’s say your company administers its own data storage locally. If a hacker breaches your security system, your team probably won’t respond quickly. They’ll be scanning or processing data rather than watching the servers, so the hack may go unnoticed for days or even weeks.
Cloud-storage solutions like NavVis’ IVION have significant resources and technology dedicated solely to the task of protecting your data. They run on platforms like Amazon Web Services (AWS) or Microsoft Azure, which employ large teams trained to respond to external threats.
These solutions also use sophisticated tooling—developed by AWS, Azure, or internally—that monitors the security system automatically.
In short, the cloud-storage solutions have the dedicated resources to catch the early signs of a threat, and prevent nefarious actors from getting their hands on your customers’ data.
Faster security updates
Every so often, specialists will discover a new vulnerability, a flaw in a security system that can be exploited by a hacker or other actor. In case you think this doesn’t matter to you, consider this article on the recent log4j vulnerability: One cybersecurity firm says it saw hackers try to exploit the weakness on more than half of the corporate networks it was watching.
If your company administers its own servers, you’re probably not keeping up on these vulnerabilities. If you are, your team will take a significant amount of time to resolve the issue. And then even longer to deploy the fix to your system. Meanwhile, your customers’ data is at risk.
Again, a cloud-storage solution has dedicated resources with the special expertise to identify the problem and issue an update. Its team of software developers can fix a vulnerability and issue updates to your security system in a matter of hours. This prevents future exploits and keeps your data secure. All while you log billable hours.
How to choose the right cloud-storage solution
Cloud storage can improve the security of your data, but it’s crucial to choose your solution carefully. Unfortunately, it’s intimidating to wade through the variety of complex options to determine which one is right for you.
Here are some factors that can help you make an educated choice:
1. Corporate stance
Learn how the company communicates with the public about data security and privacy. Research whether it has posted about the topic on social media, mentioned it in interviews, or run webinars on the topic. Read a security article or two on the corporate blog. Find out if the company has an information security officer. Learn what certifications it advertises, such as ISO 27001.
The goal is to learn how important data security is to a company’s public image. If they aren’t communicating about it, that’s an important factor to consider.
2. The technology stack
Next, you’ll want to learn about the technology the solution is built on. The information you want might not be public, but nearly any salesperson will answer your questions. If they won’t—or can’t—that could be another red flag.
Like you, many of the cloud-storage solutions you work with will build their technology stack out of specialized services. Ask the salesperson, which services do they use? Are they built on AWS, Microsoft Azure, or another option? Do they contract with a specialized service for authentication? What other technologies do they use?
Have the salesperson walk you through the details of their security implementation. For instance, ask, What standards do they use in their software development processes? What encryption do they employ? Do they conduct regular testing, for instance penetration testing on their code base to check for new vulnerabilities?
You don’t need to be an expert on every technology that the company uses, but it can be extremely helpful to find out more about how the company approaches data security.
3. Data permissions and ownership
It’s not just external actors who can threaten the security and privacy of your data. Sometimes you can face threats from within your own company, or the company storing your data. That’s why it’s crucial to ask questions about data permissions and ownership.
Ask the salesperson how you can restrict permissions to ensure that only certain people can view, download, or edit your private confidential data. Ask whether you can wipe all of your data sets completely, and whether you can do it yourself without contacting the company. It might surprise you to learn that some solutions won’t offer this option.
Learn about the solution’s business model. It’s common for products built on cloud services to anonymize customer data, aggregate it, and sell. The problem is that true anonymization of data is extremely difficult, and most companies don’t do it properly. Though this practice is most common in e-commerce—not spatial data—you can’t be too careful. If a cloud-storage solution sells anonymized data sets, they could be sharing data about the spaces you capture or other private details about your business.
The salesperson’s answers should make you feel confident that you have complete control over your data.
Find a solution you can trust
If the security of your point clouds is important to your business, you should consider using cloud storage. The best solutions will have access to resources like a team of specialists and sophisticated technology that can protect your customers’ data with little effort on your part.
And you don’t need to be an expert to choose well. Do some research. Ask a salesperson some questions. The solutions that are working hardest to protect your data will be eager to show it, and do everything they can to earn your trust.
Sean Higgins is an independent technology writer, former trade publication editor, and outdoors enthusiast. He believes that clear, buzzword-free writing about 3D technologies is a public service.