Let’s start with a definition – the Cloud is computing capacity accessible on demand over the internet. The main benefits of the cloud are:
- Elasticity and scalability: eliminate unnecessary IT capacity and smoothly handle the peaks or unpredicted workload at your organization.
- Only pay for the capacity and services you use in a given period.
- Security: specialized vendors invest huge human and financial resources into security measures, which smaller firms cannot afford.
- Enhanced flexibility and maintenance: easier geographical reachability of company data goes hand-in-hand with regular vendor-based security updates and functional upgrades.
- Better reaction to customer requirements and faster adoption of business opportunities.
The above benefits are attainable, but not by everyone and not in every situation.
Reconsidering the benefits (and risks) of the Cloud
Regardless of the type of Cloud services you use, you should consider important security issues, which include:
Cyber-attacks and information theft have caused huge financial and reputation damage to companies, and then there are also the security breaches that were not publicized. A security breach is malicious conduct in cyberspace that may lead to the interruption of critical services in the physical world. So, what are the risks?
- The centralization of Cloud solutions into the hands of big players may lead to a situation where misuse of one security hole can affect millions of users and lead to the leakage of your customers’ data or your intellectual property.
- Distributed Denial of Service (DDoS) attacks and other outages may lead to an inability to provide services to your customers, effectively forcing you out of business or you may incur large fines.
- Bring Your Own Device (BYOD) policies and use of attractive Cloud products may change you into an effective and flexible organization, but are you sure you will be able to respond to a security regulator’s questions on your customers’ data life-cycle and security?
The proper mix of services provided by both Cloud providers and by the company can mitigate certain threats. However, this shouldn’t lead us to conclude that these are the only risks, or that precautionary steps should only be focused on the Cloud environment.
There has been a shift in EU countries from self-imposed adherence to “good practices” and local measures to stricter, centralized and binding pan-EU regulations. These principles may cause “culture shock” to businesses in other parts of the world.
For example, the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS Directive) will be implemented in 2018; fines for their infringement will be up to €20 million or 4% of a subject’s total worldwide annual turnover. Do you know if you are subject to these regulations and what impact they will have? Your Cloud provider or IT vendor can’t be rendered responsible for the “whole thing” as the EU law puts it, some responsibilities will also rest on the user’s shoulders.
Of course, there are many other points to be discussed, such as: total ownership costs (cloud doesn’t always cost less), data accessibility and management, vendor lock-in, readiness of your legacy applications for working in the Cloud, etc.
The aspects discussed previously lead us to the question of organizational processes – making sure an organization will be able to implement all the applicable requirements (including concrete IT actions) with reasonable costs.
Implementation of Cloud services may bring substantial benefits to support strategic goals, but may also expose organizations to new problems. These need to be identified and assessed to understand whether Cloud solutions are the best and most cost-effective option for a business.
A very simple yet powerful approach before buying into the Cloud is to examine if you are already getting the most from your existing IT infrastructure which was already been paid for and which your staff already know. Using this fine-tuning and discovering new possibilities can be undertaken relatively quickly and without substantial investments to address operational efficiencies, regulatory compliance and resilience to cyber security threats.
It is not possible to avoid continuous re-assessment of your organizational processes and ICTs due to legislative and security aspects, whether you use traditional or cloud architecture.
Data System Soft, spol. s r.o.
We have been helping our customers to reach their goals using a combination of IT solutions from well-known vendors and our own analytical and implementation skills since 1991. We help clients get the most from their existing IT infrastructure assets (both in house and Cloud) and transform legislative requirements into specific technical measures in a secure and cost effective way.
Jozef Škandera, Business Development Manager, Data System Soft, spol. s r.o.