Going to the Cloud is like switching off your electricity generator and moving to the power grid. Cloud mobility and the Internet of Things (IoT) have provided businesses with greater flexibility in the services they offer and in improving the processes behind those offerings. As adoption of Cloud-based applications grows, primarily motivated by the fast on-demand availability offered by big tech cloud providers such as Amazon AWS, Google Cloud and Microsoft Azure, new types of services are beginning to replace functions that were traditionally done in-house.
What is often missed is that the increased use of cloud services is driving more unauthorized access to sensitive information in the cloud, resulting in costly data breaches. That’s according to a Netskope study conducted in partnership with Ponemon Institute.
We advise companies on strategic planning associated with migrating to cloud apps for business. Some of the clients we have advised include:
- One of the ‘Big 4’ Australian Banks
- Big Tech
- Various ASX100 companies
Here are six points you should consider before investing in cloud applications:
1. Your cloud provider will say there are no security concerns – but actually there are
One primary issue of concern for all companies we have assisted was the security and integrity of data. It turns out that they have good reason to be skeptical: for companies that did experience a data breach in the last year (31%), 48% suggested it was the employee who exposed data intentionally or accidentally using a cloud service. However, many don’t really understand the impact of human error as a catalyst for breaches.
It is not enough to have a reputable Cloud service provider. You need an expert to assess your existing business processes to ensure a second line of defence against data leaks.
2. Back up regularly, and keep backups off site
Every business should have a business continuity plan. You need to understand what systems can go down, and how your business will manage if multiple systems go offline. Ensuring there is a management plan for crises and disasters is the bare minimum.
You also need to ensure your Cloud is backed up regularly, and that those backup images are stored securely offsite, a safe distance away. It is also best practice to ensure those backups remain encrypted to avoid compromise, are stored offline, and require multi-factor authentication when access is required.
In the event of a crisis when your office space may not be available, your backup data won’t be affected and your employees will be able to log in remotely.
3. Design effective policies and procedures, and educate your staff on them!
Create an appropriate use policy for your cloud applications that defines key terms, proper use methodology, what is permitted, objectives and responsibilities. Effective governance is half of security. Your policies also need to set out an incident response plan and identify which third-party service provider you have engaged to manage threats should they become apparent.
Policies should also be reviewed annually, and processes should be audited by an external service provider to ensure integrity and efficiency.
Provide training material to employees that highlights the appropriate use policy and, for best practice, run a regular training assessment to reinforce proper practice.
If any high risk issues or breaches are identified in a period, the governance team should also schedule the policies for review and revise the training accordingly.
4. Don’t compromise on performance for your staff
Cloud services for your business also need to be ‘sold’ to your employees. Often, excessive firewalls and proxies will dictate how quickly you can access the Cloud. Even with multiple load bearing servers, medium speed internet connections might bottleneck at times with congestion. We prefer companies run a dedicated internet line from a different carrier between their network and Cloud provider. It’s often not much extra cost, speeds up connectivity considerably and offers a contingency plan should the original network connection go down.
5. Always stay compliant
Companies should keep in mind their legislative and regulatory obligations to keep data confidential or guarantee it’s not lost or destroyed. Many of these will translate into specific security requirements or certification requirements.
When data is stored in the cloud, it is imperative your governance team assess the implications against the Public Service Act 1999, Freedom of Information Act 1982, Privacy Act 1988, Archives Act 1983, Evidence Act 1995, Copyright Act 1968 and the Electronic Transactions Act 1999.
6. Manage costs effectively
If your company grows quickly, or there is a genuine spike in demand, there will often be financial consequences associated with the change. Your business may have understood the costs for, say, 100 user licenses, but if the company grows to 200 in a few years, the costs won’t exactly trend the way you might imagine.
If you are using multiple cloud service providers, it may be best to consider consolidating to one provider. To make the process easier, an external service provider like Gridware can assist with the migration.
At Gridware, we help our clients to think outside the box and move away from their legacy models to improve productivity. To get your business started on the Cloud, please contact us.