More and more enterprises are moving data and processes into the cloud and using software as a service (SaaS). Cloud providers are promoting SaaS solutions to “revolutionise” business processes in areas such as customs clearance, carrier selection, or supply chain visibility. But is the cloud – where data and software reside in huge computer centers – really a suitable environment for IT operating systems supporting integral global business processes?
If global trade is to stay in sync, such cloud applications must be available on demand, and the transfer of local processes into the cloud holds both risks and opportunities. The opportunities get enough press, so let’s take a look at the risks. There are three main areas of concern: IT security, data privacy, and availability.
This is an area where SMEs in particular could actually benefit from a move to the cloud. Many SMEs run IT systems and computer centres that have grown organically and often fail to comply with standards. Hardly any use the proven ITIL process model or has the resources to obtain ISO 27001 certification for its computer centre. Reputable cloud providers offer all that, plus a higher security standard than what was previously available. When choosing your cloud solution provider, it is important to ensure compliance with your ERP system as well as your security policies.
This refers to the security of sensitive data and its protection against unauthorised access – an increasingly important area, with more and more governments implementing stricter laws and regulations. The disclosure of confidential information is almost never a technical failure. Simply put, it is individuals who leak secrets. The greatest threat to confidential data remains misuse – and that is typically perpetrated by people with legitimate access to the data. So here, too, the cloud doesn’t necessarily pose a greater threat. Once again, it’s important to choose a reputable provider who seamlessly documents access of IT administrators to your systems and has a method of dual control in place for sensitive data.
System availability remains a risk. It is under threat from anything that can cause an outage, be it a fire or a construction worker who cuts through wires. Of course all these things can also happen if you have your own computer centre. But reputable cloud providers have a system of redundancy, which tends to yield benefits. They can take advantage of the much-talked-about “economies of scale” and therefore have much more affordable options for incorporating a multi-layered safety net than in-house IT departments. In addition to unforeseen outages, computer centres also have planned downtimes. Their duration is simply a question of money. The often-promised 99.9% availability is twice as expensive as the 99% availability that, in most cases, would be perfectly sufficient. In any event, the cloud is generally superior to “private” computer centres on this front as well, since it is designed for flexibility in acquiring processing capacity and storage space, even during service windows.
So, in a nutshell, the cloud is safe. How safe? That’s a matter of trust, and trust should only be awarded to those who earn it. The key recommendations remain: follow the advice of the British Standards Institution (BSI) or the U.S. National Institute of Standards and Technology (NIST) and check first with your own IT and then with the potential cloud solution provider. There are reputable providers. None of them can offer 100% security, but some come very close. The decision on whether to move critical process steps into the cloud will always remain a business decision, and for those there are no easy solutions.
Image source: shutterstock