Along with individual users, more organizations are finding
compelling reasons to use the cloud. With use, comes risk.
That ubiquitous future of computing has been available by the hour
from Amazon since 2006, sold as hosted software even longer, and
often used unknowingly by most of us through Gmail, Twitter,
Facebook, and other more social cloud applications.
Internet-based computing today brings shared resources, software,
and information to hundreds of millions of computers and PDAs
around the worldwhether its a consumers using free public cloud
applications, an organization employing customized, cloud-based
business applications (for example, Salesforce), or a government
entity using its private cloud. For instance, many of the 10
billion apps downloaded from iTunes are simply small programs that
use data or services stored in the cloud to give the user
everything from restaurant choices to song titles to cheapest
prices on various products.
With this easy-to-access service comes new tools to do everything
from communicate with co-workers to run a CRM platform. You no
longer need to purchase hardware, host software, or incur costs for
ongoing upgrades for such applications. More important, the
convenience and new efficiencies brought by these applications are
almost unimaginable.
A Booz Allen study of the federal governments IT department showed
that its switch to a cloud environment would result in lifecycle
costs 65 percent lower than the current environment,
benefit-to-cost ratios (savings to investments) of 5.7 to 25, and a
payback on investments in three to four years.
Likewise, the Gartner Group identified cloud computing as a top 10
strategic technology of 2010 and its survey of CIOs found it the
top tech priority of 2011.
But with this cloud burst, also comes concern about information
technology privacy and security. In simple terms, an open channel
to the cloud adds yet another level of risk to everything from an
individuals personal information to a business client list or
secret sauce. And over the past few years, there have been a
handful of well-publicized incidents in which a companys cloud
service was shut down, hacked or experienced a loss of data.
In fairness, these incidents were small potatoes compared to past
system failures or security breaches caused by hackers or viruses
or information taken from stolen laptops (one of which is pilfered
every 53 seconds, according to the FBI). But the sheer scale of the
transformational movement to cloud computing should make users and
providers aware of security and privacy issues and vigilant about
their protection.
As both a provider (my company hosts online registration management
software) and a user of cloud computing services, I have a dual
perspective of the importance of security and integrity and the
need for 24/7 accessibility. And from that perspective, I can offer
a few tips to improve your comfort level in using hosted services.
- A good starting point would be a quick review of a providers
basic security measures. Your data should be protected by standard
encryption (256-bit encryption is todays norm), segregated on a
dedicated server and password protected. If the provider works with
third parties, you should know whether they have access to your
data and what safeguards are in place.
- Find out how the providers security measures align with yours.
It also doesnt hurt to ask if theyve ever had a breach in security
or break in service, or what they would do should such an incident
occur. And just to be safe, check into how you will get your data
in a usable format should something happen to your providers
business.
- I know it is a nuisance, but this is one of those times that
you should actually read through the Terms & Conditions to get
comfortable with what is the providers responsibility versus what
is your responsibility when it comes to privacy and security.
- On the other end of this two-sided equation, users should
establish and follow a good password system. Try to limit the
number of authorized users, require strong
(number/letter/uppercase/lowercase combos and non-word options)
passwords and remind users not to email passwords, leave them on
notes on their desks, and so forth. Also, when your provider
updates its software, make sure nothing changes regarding passwords
and access.
- Use common sense on what data you input into the cloud service.
Only share what is mission critical, and not information
unnecessary to the software but potentially harmful if compromised.
Chances are highly likely that you have been using the cloud for
years without incident. The market has obviously made the
determination that the value offered by such shared services far
outweighs any risks.
Finally, It should provide some comfort knowing that it is
paramount to a cloud-service providers very existence to ensure the
utmost security and performance. In many respects, your data is
much safer with a third party cloud provider than say, residing on
your laptop computer in the office.