Monday, October 7, 2013

The Security Concerns are Real Enough

Are hosted or cloud solutions secure?  Secure enough for your information?  We are not talking about the business next door.  We are talking about your livelihood.  These are not the same questions related to how appropriate or practical a hosted solution may be. 

 


There are many concerns related to hosted or cloud solutions.  Most would agree that it is a question of time and not if, but when the scales will tip towards a hosted solution.  A hosted solution that handles the primary line of business solution versus a subset of processing.   

 

Size does seem to matter in this case.  Larger enterprises tend to prefer handling their needs in-house where they can control all the facets of operations, integration and security.  Mid-sized corporations tend to have a mixed use and need for hosted solutions, where the type of business operations drives those decisions.  The smaller business tends to embrace the technology quicker.  Budget, of course, and available resources play a big part in these decisions.  Public social media forums are in a category themselves and are not generally considered line-of-business.  Internal blogs and community forums are typically private.

 

Some of the top issues revolve around:

1.       How secure is it?

2.       Does it make sense?

3.       How will it change my business operations?

4.       Will my employees require more training?

5.       Does it fit my budget? 

6.       Will it reduce my costs?

7.       What happens if I run out of money?

8.       Who owns my data?

 

Security Concerns:

 

The security concerns are real enough, but are not necessarily related to hosted solutions.  Cloud or hosted solutions are often an eye opener to security concerns for on-premise solutions.  Many organizations do not pay attention to that box sitting there when it is inside their office.  The threats are real and the consequences of a data breach are the same regardless of the location of information.

 

Chief issues with hosted solutions, particularly for the smaller business, often revolve around selecting the no-charge or free versions that are really designed for consumers and not businesses.  The quest to save money and reduce costs creates gaps in security and separated and disconnected systems. 

 

Consumer services often lack enterprise support, encryption of data in transit and at rest and contract agreements.  Agreements and support to ensure that your business is as important to them and that they understand what it means if what you have paid for is up and running or not available.  Remember that up-time is not the same as available.

 

Disconnected systems increase costs and errors due to the lack of integration and the manual processes that typically are associated with separate systems.  These problems intensify when the online application does not address the central business challenges and are selected to address secondary needs.

 

Users generally want to be productive and like their own devices which open up gaping holes in security.  They like downloading and experimenting with different applications which ultimately can expose information that is supposed to be private.  If they use their own devices and your infrastructure is hosted, then how can you control what they download, what they share, what they may lose.

 

For example they may download an application that allows them to manipulate a spread sheet on their phone.  That application may be okay, but what about that game or other application that is also sitting on the same device that has the ability to read storage and open network connections on its own.  Add to that equation – did that employee violate policies by copying the information to that device.  Did they email it as plain text over an unsecure connection?  With the capacity and convenience of these devices did they just download your entire customer database to their smart phone?

 

It really does not matter where the data lies as long as it is secure and policies exist to define and ensure compliance.  Employees are trained, devices are secured and services exist to monitor and ensure compliance.   The solutions exist to ensure compliance, but an organization needs a policy first before a procedure can be applied.

 

You may not think there is value in the information you have, but others do and it is your responsibility.

 

At Dolvin Consulting we help make your employees more productive so your business can drive efficiency and be more profitable.  Contact us today to see how a fresh set of eyes can improve your operations.  You already know how to run your business, let us help you find better tools to mange it.

 

No comments:

Post a Comment