Major risks of not choosing the cloud
6 min read
23 February 2017
Given recent high-profile media reports of cloud hacks, it’s no wonder business owners are nervous about putting their operational data in the cloud, but is this fear justified?
With more businesses accepting that not having business data in the cloud is a bigger risk than trying to manage it in house, it’s worth taking a closer look.
Not all “clouds” are created equal
Reports of cloud hacks affecting one billion Yahoo emails and iCloud’s private image store are obviously worrying, but in a business context, these events are much less frequent and rarely, if ever, related to “true cloud”.
It’s important to recognise that not all clouds are created equal.
So, what is the cloud exactly? It’s still computers, databases and the internet but it’s important to look at how it’s configured.
Traditionally, software has been operated “on-premise”, which is a single version of software on the company’s server, connected to the company’s network, on the company’s premises and supported by the company’s own people.
It is purchased and owned by a single owner who is entirely responsible for the upkeep of the system.
State-of-the-art “true cloud” solutions work differently. True cloud providers deliver an application which serves multiple customers. It’s always up to date, capable of being configured to specific needs, globally accessible, requires no IT skills to manage, cost-effective due to a subscription-based model and sits separate from client data meaning that it’s far more secure.
Then there are the “fake cloud” solutions which are a hybrid. The software, servers, network and IT skills are outsourced. It is still a single version of software, but just not on your premises, and so the benefits of “true cloud” are not being enjoyed while the risks associated with on-premise are still very real.
The issues around on-premise and fake clouds
Up until a decade or so ago, on-premise was the only way a business could buy software and customise it to its needs.
The issues of going down this route is that software can go out-of-date very quickly and having to rely on updates and IT people to maintain it can be very expensive and sometimes, upgrades cause problems.
It’s also typical for companies using on-premise software to become “locked” to a version of software and later identify IT requirements for software as a bottleneck and not the enabling force that they had hoped for.
Of course, on-premise systems that rely on human intervention and manual processes are less reliable than a properly programmed application.
In fact, it’s not uncommon for business owners to back-up financial data to a USB stick and companies to faithfully back-up their data onto magnetic tapes that turn out to be blank.
Fake cloud environments are a poor compromise. The only “benefit” to the customer is that other people are “hosting” and managing their application for them (and charging them handsomely for it!).
So, with the upsurge in so-called fake cloud environments, it’s now difficult to be 100 per cent certain where the data resides, how it is segregated, protected and backed-up and exactly who can access it, move it, write to it or delete it.
Why is not choosing the cloud such an insider fraud risk?
For most businesses, data is critical. Lose the data, lose the business. Data is so valuable that it is equivalent to money.
If you choose to go on premise, this is akin to keeping your money in a shoe box under your bed, and by going with a hosted provider or a fake cloud environment, this is like keeping a box of money under someone else’s bed! Only a true cloud solution is like putting your money in the bank.
Insider threats present a far greater risk when you choose a solution that isn’t true cloud.
For instance, when business software provider, Sage, experienced a data breach potentially impacting 280 firms, it turned out to be a disgruntled employee.
This is not an isolated case. CIFAS’s Employee Fraudscape 2016 report highlights that 153 organisations identified a total of 585 confirmed insider fraud cases in 2015. This includes 38 cases of unlawfully obtaining and disclosing commercial or personal data.
Whether employees purposely commit fraud or do so through negligent/accidental behaviour, the fact remains that on-premise servers offer insiders far greater access to the company’s valuable data.
Don’t be a technological dinosaur
Dwelling in the past is not an option for progressive business owners. A true cloud business solution could make the difference between success and failure, with non-cloud solutions proving higher risk and more difficult and costly to change.
For many businesses, not choosing the cloud could see them left behind by their competitors and quite possibly extinct.
Andrew Peddie is MD of cloud solutions provider FHL