IOUG Insight: To Cloud or Not to Cloud—That Is the Question

To move into the cloud, or not to move into the cloud ... that is the question!

Cloud solutions are rapidly expanding, and consumers and businesses are being offered these solutions at almost every turn. This reality is bringing to light one of the major concerns about cloud: IT security/privacy. It seems we are hearing about breaches into server systems, leaks in social media networks, industrial espionage, and other security incidents almost on a daily basis. So the cloud can’t be secure, right?

Let’s do a reality check—whether your data and information are on paper and stored in file cabinets, stored on the local drive of a computer, stored on a client-

server network, or stored on a cloud-based network, there is always a certain level of risk. If you store it on paper, it could be stolen, copied, shredded, or otherwise destroyed. If you store it on a computer, it could be stolen, copied, deleted, or otherwise destroyed.

The same is true for a network; whether the network where you store your data is a client-server network or a cloud-based network is irrelevant. It’s all about the provider and the data security systems and procedures that they have in place.

The cloud is still a physical place; it’s just that it’s somebody else’s server in some other location, accessed via the internet.

The answer to the question about whether the cloud is secure is not an easy one to answer. It depends on the cloud service provider, who is hosting the application and/or data, and where it resides.

It is a misconception that the cloud can’t be safe and secure. On the contrary, with a little expertise and the right security layers in place, services can actually be far more secure in the cloud environment than in many traditional IT systems—regardless of the type of service. In fact, whenever anyone in my organization cites security concerns about moving organizational applications or data into the cloud, I just tell them—reliable, robust cloud solution providers spend more on IT security in a week than our organization can spend on it in a year! With this in mind, the imperative is that all businesses should evaluate the many advantages that the cloud has to offer and not reject the technology due to a lack of knowledge. These types of decisions require an appropriate evaluation, whereby the risks, costs, and associated benefits and savings are all considered.

Here are the questions you should ask:

• Is the solution provider compliant with your industry’s information/data security requirements, such as HIPAA, PCI, and SEC?

• Is the solution environment physically secure (i.e., what are the possibilities of human attack on the machines)?

• How many data centers does the provider have?

• Where are the data centers?

• Is there built-in data center redundancy?

• What is the back-up and disaster recovery plan?

• What does the provider do to protect the

data from a cyberattack?

• What backup power plan is in place?

• What service-level agreements can be negotiated?

In a traditional environment, physical servers are housed on premise. All it would take is one disgruntled worker to bring down an entire organization. One person could easily damage, steal, or incapacitate a server. But if your IT is managed offsite by a neutral party, it will be much safer, especially if the facility is as secure as it should be.

To be considered for a a cloud-based hosted solution a data center should be rated as Tier 4. According to the Uptime Institute, a Tier 4 data center provides the following:

• 99.995% uptime per year

• Fully redundant infrastructure

• 96-hour power outage protection

• 26.3 minutes of annual downtime

In other words, with the proper measures in place, the cloud is not just secure; it is typically more secure than your organization could ever hope to be.

Quality IT providers recognize the importance of security, make significant investments to ensure the security and reliability of their clients’ systems and data, and will indicate the same in their negotiated service-level agreements.

If security concerns have ever been the primary reason for you to avoid making a move to the cloud, you may want to evaluate your options, weigh the risks, analyze the benefits, calculate the total cost of ownership, and make a well-informed decision.