Have something to say?
Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.
John-Martin
Why aren't you storing your financial data in the Cloud?
With the massive increase of dollars being spent on securing Cloud Storage, I am yet to see the uptake of SMEs in the use of applications that Store their Business Financial Data in the Cloud. Are there still major concerns over securing this type of data in the Cloud or is this just an education process that needs to be engaged?
While I am cognisant of the differences between Private, Public and Hybrid Clouds and what Services each offers; in reality, the cost of many of the Private and Hybrid Services are not within the price-range of many of the SMEs requiring such services. The 'catch-22' is that the security requirements within the Public Clouds do not attract the SME's financial data sets.
Of course, there is still the concern over passing your financial data across the Internet, let along storing it; especially when organisations like Microsoft are releasing Data Mining Tools that can scan across your Cloud data and provide anyone willing to pay with consolidated (and very accurate) reports on businesses within a local area, type of work, locally, nationally, and internationally, etc with intelligent data that may contain a subset of your information.
Now I am sure there are limitations to what data can be scanned both legally and moraly, and that some sort of buy-in process will probably be required to undertake this type of scan. However, there are many non-scrupulous entities willing to augment their income through less moral or legal means and, with the increase of Businesses using the Cloud for storage, the opportunity for securing business intelligence across many smaller businesses simply increases.
Regardless of whether your Cloud Service Provider provides symmetric or asymmetric cryptography techniques for your Data Encryption, the chances are this can be broken, if it hasn't already been done! The entire commercial world runs off the assumption that encryption is rock-solid and is not breakable; now while that may be the case today, within the foreseeable and near future, cracking these codes will become trivial, thanks to quantum computing.
So should you be storing your data in the Cloud; if the world financial and banking institutes don't do so, then why would you? The Banks really don't need to as they have enough funds to create the perfect Hybrid Cloud Solution with data stored on their own Servers in their own Data Centres; all while using the Cloud to pass short transaction records (often meaningless strings of numbers) to collector points or gateways that then translate this information into sensible outcomes on your account.
The question then remains, do you store your financial data in the Cloud?
Have something to say?
Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.
Esa T. likes this
You, Esa T. like this
11 comments
Louise
Louise M. • Personally, I would not store any data on a public cloud which I would not be prepared to lose. Additionally, I would not rely on the cloud to support any critical operations - there is too much that could go wrong and too much out of my control. No matter what anyone says, if you want something doing properly, do it yourself, after all, no one will look after your baby as well as you will.
Richard
Richard H. • Of course millions of customers financial data are stored everyday in the cloud - think Amazon, Ebay, Facebook, Google, Hotmail and LinkedIn for starters - with the highest levels of regulatory and security compliance achieved by any organisations on the planet.
In SME sector, many firms hold all their critical business data in their SaleForce applications online, along with a range of other Software as a Service (SaaS) vendors - many great and expanding UK providers amongst them. I know for a fact that major banks and government departments (including military and health sector agencies) now use these SaaS services themselves.
Meanwhile many global giants including BP, GSK and household UK names such as Channel4 and EasyJet use combinations of public and private cloud infrastructure to deliver vital applications.
That is not to say that a public cloud route suites everyone or every application - in particular commercial terms and regulatory compliance hurdles may prove too restrictive. However, it is surprising how few cases where this actually blocks usage entirely. In three years working with demanding end-users I have yet to see a cloud proposal fail on the grounds of security, and indeed in some cases the motivation to move to cloud was to raise security standards.
Moreover, having spent decades working in police, government and financial IT security - both preventative and forensic - everyone should be aware that current datacenter operations inhouse or by traditional managed service firms rarely reach the standards achieved in public cloud, and are often compromised by the actions of internal staff by accident or through malicious intent.
There are no perfectly reliable, 100% secure scenarios and everyone should have contingency and security measures that assume failures and breaches are possible.
Louise
Louise M. • Richard, I agree that security can be compromised within as well as outside organisational boundaries, in all sorts of ways as you say. However, I have found that, once you consign any part of your business into the guardianship of a third party, you also sign over control and risk losing touch with that part of your business. There is no doubt that the more organisational boundaries you introduce into the management of your operations, however large or small, the more complexities you introduce and the less control you have. At least, where your security is compromised within your domain, you have the capacity and authority to act directly and immediately to contain that compromise and illiminate its source.
Damon
Damon H. • Agreed, control is the issue.
Where data is not secret, storing a *copy* in the cloud is no problem, eg company reports after publication. But before, with all the improper-disclosure penalties implied? Would your SLA cover them?
Rgds
Damon
Louise
Louise M. • Damon, you look very young - or is it just me getting old?
Kim
Kim P. • An interesting article posted on Mashable by Simon Crosby (CTO at Citrixi) titled 'Why the cloud is actually the safest place for your data'.
http://mashable.com/2011/03/29/cloud-computing-security/
Chris
Chris A. • How many SME data centres would meet the requirements of the relevant security certifications, let alone be certified? (e.g. ISO 27001:2005) My guess is that the number of both would be small.
Those SMEs that don't meet the requirements would probably be better off storing their financial and business data in *aaS providers that have been certified.
Which jurisdiction(s) the *aaS provider falls under is also important. Some countries respect data privacy less than others...
Auban
Auban D. • I think there are 2 concerns about cloud storage:
# the technical concern, to know if cloud is secure enough, and reactive enough to resolve any issue that can have big impact of a business, and all things you all posted
# the mindset concern: SME owners don't have all the knowledge and the awareness to be confident about those technologies and solutions.
I think that it is the biggest challenge today for any providers to convince these owners that Cloud is a real alternative for their needs: cost and IS control. I said IS control because SMEs are oftently not a model of IT safety...
Cloud, and specially hybrid cloud because SMEs owners like to keep control of their data, can be the right to access to reliable and adaptable IT services at best price. But they are still to convince, don't you think? :-)
Louise
Louise M. • Chris, certification does not guarantee control or security. As an SME director, I view ISO certifcation as no more than a piece of paper which would not make me feel any more secure about any sensitive data or operation I might have. ISO certification does not underwrite all the risk I may incur in the event of a security breach or operational down-time.
Steve
Steve R. • Because it aint secure
Damon
Damon H. • Even thinking out the cloud reduces your apparent age to that of a toddler: best to raise the VC first, with the grey hairs. B^>
Rgds
Damon