Over several years I have consulted on cloud roll-outs within various business sectors.
Most pertinent here for this blog post, I have had the privilege of working alongside business leaders and staff at all levels of the NHS and within the financial services market to understand where their concerns really resonate when it comes to understanding the cloud as a viable IT deployment.
As you can imagine, choosing to deploy cloud based services within such industries is fraught with danger, skepticism and in some quarter’s complete paranoia.
It is the security aspect of the cloud that worries people the most, but there are other bottlenecks too. When it comes to personal data that is health or finance related, regulations are at their tightest, ever changing and heavily governed.
At a time when every organisation needs to look to the cloud as a way of building a better business, this level of distrust and lack of confidence creates massive issues. While some see the potential of empowering a cloud based business model, others will fear what ‘giving up control’ will mean to them.
It results in conflicts of interest and they all revolve around…
The Top 6 Security Concerns Stopping Business Moving to the Cloud
- Confidentiality – Who is going to capture, process and disseminate our data? This is our most critical asset, we need to own it. Not knowing who has internal and especially external view capabilities is not something we are comfortable with.
- Access – Using an online service in the cloud will open up access management, monitoring and support issues. It needs to be someone internal, but who is liable for access management, training and permissions setting? And do we have any flexibility of access across different parts of the system or business?
- Visibility – Reduced visibility of service and structure. Sending not only personal data off-site but also empowering the cloud to run vital processes and communication channels is a huge risk and expectation. We need to internally coordinate people with process in a physical environment we can rely on and know who is listening in.
- Sensitivity – Every member of staff, customer, partner must have complete confidence that the information they provide is 100% secure. Data breaches with destroy our reputation and result in heavy fines. We cannot risk sending people’s personal data off-site where for example we have no say over encryption policy.
- Applications – Securing our data in the cloud as a simple storage mechanism is one thing, but the real crux of the cloud is the capacity to store endless amounts of data and then use the clouds analytics to report and make better decisions. Are the applications that do this compliant with ISO standards, change requests and interfacing protocol?
- Authentication – We are regulated by the government/industry/association when it comes to securing not just our data, but also our networks and user accounts. Password authentication may not suffice, we also need swipe card, fingerprint, retina scan authentication.
Neil Henry has over 18yrs experience in the IT industry, initially in application design and deployment, progressing to management of IT operations for leading enterprises such as Cap Gemini, Oracle, Barclays and the NHS. He specialises in cloud technologies that create business value from mobile, social and big data analytics, to support not just IT but all corporate functions. This article was written by Neil on behalf of Peer 1 hosting who deploy cloud based services.