By Erik Cassano
Today’s business professionals expect quick and easy access to information that’s essential to their jobs, regardless of their physical location. Many organizations provide this access via on-site servers, but what happens when there is a power failure, or some other incident cuts your servers off from the outside world?
That’s when your servers feel less like an information hub and more like a ball and chain weighing your company down. With the cloud, however, those problems don’t exist.
By removing the burden and risks of on-site data storage, cloud computing has helped many businesses become more flexible, more scalable and less centralized within their bricks-and-mortar headquarters.
“The cloud allows your business to be more agile and responsive,” says Chris Patterson, senior director of product management for NaviSite, a cloud solutions provider owned by Time Warner Cable. “It’s a way to offload computing tasks that you don’t want to deal with and to keep reserve storage capacity at the ready. You have it when you need it, and you can shut it off when you don’t.”
But there is a trade-off. When migrating business-critical data to an offsite location, your company gives up some control over how that data is stored, protected and accessed. Before diving into the cloud, it’s important to have a thorough understanding of how to utilize cloud-based services effectively and how you will address the risks.
Increasing cloud cover
Cloud technology has developed and proliferated so quickly that it’s been easy for businesses to get swept up in the tidal wave. But as often happens in the business community, there is a copycat effect at work. One well-known company perfects its own model of how to use an emerging technology, and legions of others companies try to follow suit.
In the case of cloud computing, the technology trendsetter was online retail giant Amazon.
“Amazon was really the one who took the idea of a dynamic cloud-based business model and made it accessible via the Internet,” Patterson says. “Since then, lots of vendors have built out their own cloud-based models, and it’s become its own technological ecosystem over the past six or seven years.”
In that time frame, the cloud has gone from being an emerging technology used by a handful of companies to a popular technology solution for businesses of all sizes.
“Today, our customers aren’t asking, ‘Why should I put this on the cloud?’” Patterson says. “Instead, they’re asking, ‘Why shouldn’t I put this on the cloud?’ It’s become the mainstream way to handle large amounts of data and manage the applications that handle that data.”
That said, moving business-critical functions to the cloud is about more than keeping up with the 21st century Joneses. There are tangible benefits, including scalability, agility for future growth and cost savings, that draw businesses in a wide range of industries to cloud migration.
“It’s a way for organizations to lower capital expenses and shift to more of an operating expense model,” says Darin Haines, senior director of strategy and consulting services for the managed services and IT solutions provider Logicalis. “Expense patterns are specific to each company, but if you think about the life cycle of a data center – the spikes in capital outlay when you have to refresh your storage and network infrastructure –moving all of that to the cloud turns those capital expenses of purchasing new equipment into monthly and yearly operating expenses. That can help you better manage your cash flow.”
With the advantages of utilizing the cloud, it’s easy to see why businesses are eager to implement the new technology. But what about the security risks of storing your company’s data off-site, in the hands of another company? How can you be certain your organization’s important information in the right hands? That’s where your company must do the legwork.
Risk versus reward
For many companies, moving sensitive and valuable data onto a third-party platform is initially – and understandably – worrisome.
“There is a real psychological effect at work – the desire to protect what’s yours,” Patterson says. “You have a visceral reaction not to let that information outside of your walls.”
The reason you don’t entirely trust the cloud is valid: You are surrendering control of your data to a cloud services provider, its key people and its systems. But there are steps you can take to maintain a level of control over what happens to your data and who can access it, says Andy Daudelin, vice president of cloud for AT&T.
“I divide it into four buckets,” Daudelin says. “The first is your people, the second is the network, the third is how data is transported to and from the cloud, and the fourth is how you monitor for data breaches. Each bucket serves as its own security checkpoint, and each presents a possible security risk.”
Your employees are always the first line of defense when protecting data stored on the cloud. Well-trained employees serve as vigilant gatekeepers who can provide more thorough security than can any software program.
“We have a saying at AT&T, ‘You are the firewall,’” Daudelin says. “A lot of security comes back to having people who are educated in the dos and don’ts of managing information. You want people who have a thorough understanding of your transport and usage policies regarding data.”
To do that, your company must define its data security policies and create a program to continually train people around those policies.
“Clear security guidelines and a robust training program take you a long way right off the bat,” Daudelin says. “There is no substitute for well-trained people who are all on the same page regarding data security.”
Your cloud network itself serves as another checkpoint – one that you’ll need to work with your cloud service provider to maximize. Different providers have different security systems and protocols in place, and depending on your needs, some may be willing to provide a customized security system. The key is to partner with a cloud services provider that can furnish the type and level of data security your company requires.
“Encryption systems and least-access protocols ensure that nobody has more access to the network than they need to do their jobs,” Daudelin says. “The network mechanisms work in tandem with your in-house policies to help restrict access to only what’s necessary.”
Your data is most vulnerable to breaches when it’s being migrated between the cloud and a terminal computer – just as jewelry or money is most vulnerable to theft when it’s not under lock and key – making data transport another risk area to consider.
“People don’t talk about data when it’s being transported between the cloud and the user,” Daudelin says. “Everyone is focused primarily on the security of data already in the cloud. But that is a key area of concern, because your staff could be accessing data from the office, from their homes, or even via Wi-Fi in a coffee shop.”
Creating security protocols for users and limiting access to employees who need it to do their jobs are keys to minimizing the risks of data transport.
The fourth area, threat monitoring, encompasses the other three. Monitoring your network for security breaches, and responding quickly if a breach is detected is everyone’s responsibility – the employees who use your cloud-based data to do their jobs, your IT team and your cloud services provider.
“It’s a team effort to keep track of where data is and how it’s being used, and notifying the proper people if data is missing,” Daudelin says.
Wrapping these steps into a holistic security plan is a large undertaking, even larger if you maintain several cloud-based data storage systems, as many companies do. The key is to remember that cloud usage and cloud security, while related, are two different topics.
“Having data on the cloud is one thing, but accessing it is another,” Daudelin says. “You have data on the cloud, but how are you managing it? How are you controlling access to it? Those are questions you have to consider.”
Other questions worth asking
The cloud isn’t a cure-all of your company’s data storage challenges; it’s just another tool in your toolbox. As with on-site storage, it has both its advantages and its limitations. Smart cloud utilization means embracing cloud technology, but not falling head-over-heels in love with it.
To properly utilize the cloud, you need to have a firm understanding of what you hope to gain by migrating data offsite, and whether the benefits outpace the cost and risks.
“You have to sit down as a leadership team and gain a thorough understanding of your business and how the cloud fits into it,” Haines says. “Do you understand how your data applications are utilized, and whether they can be effectively mapped into a cloud environment? And if you do, then do you have what you need to support and secure that data once it’s migrated?”
And ask this difficult question: “What is our company’s motivation for moving to the cloud?”
“I would never have a conversation with a client about the cloud if their primary reason is to save a lot of money right away,” Haines says. “Yes, there can be cost benefits in many cases. But don’t think you’re going to move all your data to the cloud and save a ton of money overnight. That’s not realistic, and it shouldn’t be your motivation.”
Your primary motivation should be twofold: to make day-to-day business easier to conduct, and to enable the future growth of your company. If the cloud can’t help you do both of those things, it might not be a good investment.
“The cloud’s primary benefit is agility,” Haines says. “You’re outsourcing data storage to another company that has the capacity to grow along with you, and you’re putting it in a place that can be accessed by anyone who needs it, regardless of where they are. It’s about providing positive outcomes and agility for your business, and that should be your motivation for moving to the cloud.”