I wrote this post originally to my company blog.
Can I trust Cloud Services? A very common question nowadays. In my opinion the question in the headline is as relevant. Very often cloud services are seen as only a potential risk, and the benefits are forgotten. The company data is kept tightly in in-premise servers, with a perfect control. A common thought goes like this: Cloud is a dangerous place and my own servers are safe, of course. Wrong. Your own server is your own server. Cloud is cloud. Let me explain.
Let me compare these two ways in the contract management context, on-premise servers and practices to cloud offerings. Is your organization sending contract drafts and contracts via unencrypted e-mail to your business partners? How are your contracts protected, both physically and technically? Who can see the contents of agreements? I dare to claim that the current cloud services solve most of these problems.
TOP3 Cloud Service Myths
Myth 1. On the Internet there is always someone attacking the Cloud. Therefore, the cloud is a threat.
Maybe. But I’d like to ask you if your servers are connected to the Internet? If so, welcome to the club. I hope you have done something about it. Additionally, I would like to say that the firewall is not a sufficient answer to this. If the server is not online, so what the heck it’s worth for ‘in the closet’? The organization must be able to utilize the stored information, as the Gigabytes will not bring any benefits to you, only the utilization of it will. One more thing: when using the Cloud Services, the administrators are monitoring the traffic and continuously checking out the logs, in order to find alarming signs. Who is monitoring your log?
Myth 2. When using Cloud Services, someone else may have access to my data. Therefore, the Cloud is dangerous.
As if hiding the in the corner of your server room would be safe. Wrong. The fact is that if you hide your wallet in your backyard it is not as safe as it is to put the safe in a bank. The expired user access combined with shared user ID’s increase the number of people who see your information if they wish to. Can you be sure about the accuracy of the user rights and access in your organization? When it comes to Cloud Services there is an automatic check point for this every month when the invoice comes.
Proper user rights management together with Cloud Services brings a better physical security: who is responsible for the costs if someone steals your servers? Naturally it is a good idea to check whether the servers of your Cloud Host are really safe. On your way to find answers to this question, check out Pasi Mäkinen’s article in Tietoviikko (in Finnish).
Myth 3. When the Internet is down, the Cloud Services may be down too, for hours. Therefore, the Cloud is not reliable.
If the Internet is down, are your own services still available to your customers, and to you? When using Cloud Services it is not likely that you get any compensation for that lost time, but do you if you have everything on your own servers? Most probably not, and on top of that, a true trade-off, is that someone (or many persons) in your organization is forced to stop the productive work and start to solve the IT service problems and correcting the situation. Costs a lot.
My point, you just cannot say that your own server is more secure. Way too simple.
In case I’m proven wrong, you can truly be very proud, having such a well-managed environment with a reasonable cost. On the other hand I’d like to ask you if this is the key task that adds value to your business. What if you used a part of the time and energy you use for the internal data security efforts to a development of a new business idea?
Finally, a word of warning. The Cloud is not the safest environment in the world, but I would argue that it is much safer than most of the internally tuned Extranets are.
I’d like to challenge you to investigate the Online Security promise of Microsoft Azure and compare it to your data security practices. You might be surprised. And I cannot promise that it will be a positive surprise.