Simon Foster is a self-confessed IT geek and Managing Director of Shoeboxed Australia, an SME that scans, organises and stores your receipts online for expense or tax preparation. Simon is also the convenor of the SME Special Interest Group for the Australian Computer Society.www.shoeboxed.com.au/
How safe is your data in the cloud?
What are the security concerns of putting your data in the cloud compared to standard systems?
While the term cloud is relatively new, at a basic level it means hosting data on the internet in an external data centre controlled by the organisation.
This is actually something organisations have been doing for decades but is now referred to as ‘private cloud’.
The more popular option for small businesses is ‘public cloud’, where data crosses the public internet and is often a shared system under the control of the software vendor.
There are three main security concerns for businesses thinking of moving to public cloud.
Is my data safe from loss/damage?
Usually a public cloud provider will have better systems/processes in place than most SMEs could afford themselves. They use data centres with full-time on-site security and operations staff, spare components, backup generators and commercial air-con. Do you have all of that in the backroom for the server?
Can unauthorised people access my data?
Again, a cloud provider will have access to better systems than a small business. However, you should always check the security and privacy policies of your provider to ensure it meets your requirements.
If the provider cannot answer your security questions, be wary. Look for privacy certifications like TrustE.
While there is talk about the US Government’s ability to access cloud data arbitrarily, they can also request access to data through Australian agencies. They have even tried to access Australian premises directly.
Will I be able to move my data if I need to?
Most on-premise software is bought outright. Usually, once you purchase, you have a licence to run it on that computer indefinitely.
Cloud software is commonly subscription based, and if you stop paying you lose access to the software/data.
This isn’t true of all services; ask the provider for their policies on this. Are you able to personally backup the data they are storing for you? What happens if you cancel the service? (Example: my company, Shoeboxed Australia, provides free access to all stored data indefinitely).
For a small business, there isn’t much difference between the security of cloud and on-premise software.
Instead, ask yourself these three questions:
- Would you benefit from access to your data anywhere or from multiple devices?
- Are monthly operational costs of a cloud product better for your business than upfront capital and upgrade costs?
- Does functionality compare favourably to your existing solution? What limitations are you currently experiencing and what are the associated costs?