“I worry about security in the Cloud.” Don’t! In most cases, the security in place at a Cloud or SaaS host will be stronger than what you can put in place on your company’s servers. Generally, a Cloud host or any SaaS host will have more resources earmarked for security since it is part of the hosting business model. The host company will have more at risk because its many clients are counting on it to provide security against intruders and hackers. A security failure can mean the end of that business.
When Target had a security breach, it was critical and it cost the company a lot of money. But the operational impact was not permanent. That is because Target’s business is not to provide security. Although security is a necessary part of doing business, Target’s real business is to provide retail goods that people want and need. A few weeks after the breach, customers were back at Target, buying goods. Some were paying cash, but most had already forgotten about the breach. But providing security is part of the main business of a Cloud host. So they usually have a security specialist or an entire security department on staff. They see more of what can go wrong and have built much greater defenses and more sophisticated security than a medium-size firm can afford. They are current on the latest security issues as well as the latest technology. And their backup procedures and equipment are more comprehensive and up to date than most mid-sized companies’ could possibly be.
Think of the amount of time and money that goes into security. Researching, creating, and writing policies; researching, selecting, and implementing the latest security programs; sending email warnings when something suspicious appears, discovering a threat, working to pinpoint the threat, collaboration, meetings, working iteratively to stop the threat, assessing and repairing damage, rebuilding the security to encompass the new threat, documenting and rereleasing upgraded security, putting systems back online, crossing fingers and hoping the threat is completely eradicated, and then waiting for it to hit all over again—this is what you have to lose. If you move to the Cloud, your IT resources that are currently spent on security can be spent elsewhere and the creativity and expertise of your IT staff can be put to use improving your business.
Of course, you’ll need to do your due diligence in searching for and selecting the financial or operational software you will use in the Cloud and your Cloud or SaaS host. Ask to see the host’s security and backup plan and be sure you are on-board with it. Be sure to ask who takes care of what in the event of a breach or hack and be sure to understand what role you play. Evaluate the day-to-day operations to be sure they work with your company’s policies and procedures: Who has access to your data and who has access to the logs? Is there an audit trail? Are you allowed to perform penetration tests to satisfy yourself as to the security of your data?
In today’s digital environment, security is more important than ever. Nine times out of ten, your Cloud host or SaaS host will be able to provide better security than your mid-size company can. So don’t let security be a reason for avoiding the Cloud—let it be one of your many reasons for moving to the Cloud.