I still read articles that discuss the “upcoming” cloud technologies as very new and you will have to make a decision in a few years to embrace it. (These articles are often in accounting publications, embarrassingly enough.) Sorry folks- the technology is here now and you need to embrace it now or be left behind very quickly.
So is security something to consider when moving to the cloud? It sure is. But the security is probably much better than what you are doing now.
What is the “cloud”?
The “cloud” is a cool term for “servers and applications hosted somewhere offsite by someone else”. The beauty of the cloud is, like a utility, you let the provider worry about how to manage it– you just plug into it, use it, and pay a fee.
However, there are those that are uncomfortable with the cloud because of it’s risks. The major risks commonly associated with mission-critical applications in the cloud include: 1. Loss of access to your data- either temporarily or permanently and 2. Security of the data, particularly access by unauthorized parties.
Are the risks any higher than your current solution?
Let’s be honest. If you are a small business today running its own in-house server, can you guarantee you won’t lose access to your data permanently? Where is your offsite backup? How old is it? Is it restorable? I’ve worked in numerous companies where the answer to these questions were often, “We think so.” A pretty big risk in my opinion.
With this same in-house server, can you guarantee that no unauthorized parties can access it? Does your contract IT specialist have access? Who else has he or she given access to? Does your server communicate via the internet? (If it hosts email, yes it does.) Are your external network ports secure from intrusion? Have you ever checked? Are the passwords for the server physically written on the server case, so when I walk into the unlocked closet that contains the servers, I can log in as an administrator? [Insert nervous giggle here.]
Do you have employees that download files to their laptops so that they can work away from the office? How are those laptops secured? Has a laptop ever been lost in your organization? Without special software, you can’t wipe the drive of a laptop that you no longer physically possess. That means you had to plan for it before it disappeared.
Can you do technology better than Google?
So given this information, is the cloud really a bad idea? Amazon and Google and other cloud providers can spend millions more than you can on IT personnel, equipment, and technologies to keep your data up and running and accessible to only people you authorize. Would I trust keeping my financial data on “Joe Blow’s Cloud Emporium” run by a 9th grader down the street? No, I wouldn’t. I would use a reputable cloud service provider with a vested interest in doing it right.
Is your data valuable or interesting to outsiders?
Quite frankly, probably not. You might have two things external people want to steal- bank account data and credit card data. Those obviously have to meet a security standard that most other data does not. And that information is already being stored in the cloud and exchanged on the internet all the time. So you can’t avoid those items being “out there”- the security just has to stay ahead of the thieves. Most of your data is valuable only to employees and possibly, competitors.
There is a bunch of stuff your employees might like to know, and I would risk to say you have some of that in an unlocked file cabinet available for their perusal at any time. Do you keep personnel files onsite, including Social Security Numbers and Health Insurance applications? Is there a spreadsheet somewhere on your server with employees’ salaries? I won’t ask you to raise your hand.
I’m being a little harsh when I say your data isn’t valuable to anyone else. However, I would accept arguments about cloud security much more seriously if I felt you were securing that information better now.
What can I gain from using the cloud?
So why do I advocate the cloud so heavily? Because, as I’ve mentioned, a cloud provider can do a much better job at uptime and security than you can for a fraction of the money. First, the storage devices are not physically accessible to anyone in your office (and other interested parties). Users must have a password to access any of your data and those passwords can be deleted instantly.
Cloud technologies increase collaboration. By its nature, the cloud allows you to work on documents simultaneously and most importantly, you do not have multiple copies of this document on unsecured devices. Or multiple revisions of the same document with no information on which one is most current.
Moving to the cloud is also a great opportunity to create a better security policy for your company. What is your password standard and how often do they need to be changed? What is your policy on downloading company data to a device? What is your policy on accessing company data from a personal device?
What about disaster recovery? Your office is flooded or burned. How fast can you get your server back up and running with current data? Maybe one to two days if your backups are good (see above). What if every employee could get back up and running on their laptops as soon as they found an internet connection elsewhere?
Just do the cloud already
So is security something to consider when moving to the cloud? It sure is. But the security is probably much better than what you are doing now. Add to that the gigantic gains you can make in your business when everyone you want has access to mission-critical data from any device from anywhere in the world.
Are there small business topics you would like to see here on Biz Hippo? Include topic suggestions in the comments and we’ll do our best to post about it– and make it interesting.