IaaS

What Your Company Must Know Before Moving into the Cloud

Jamon Moore

Share This Post!

Hoards of companies continue to move their systems from data centers to Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and a whole new host of “as-a-Service” acronyms that have recently burst onto the scene.

These cloud-based platforms promise inexpensive and streamlined IT services, yet after a series of high-profile cloud security breaches in 2013, more and more users are questioning the safety of their cloud data. While big contenders like Amazon and Microsoft tout the safety of their cloud systems, cloud security is never completely airtight. Therefore, companies must weigh the security risks against the benefits before migrating sensitive information, such as agreements or compliance data, to the cloud.

Top 3 Things to Know Before Moving into the Cloud

1. Security is never a guarantee. Remember when the CEO of LifeLock gave out his social security number because he was so confident that his identity couldn’t be stolen? At last count, his identity was stolen 13 times. Security is never a guarantee. Hackers can gain access to critical data through items as simple as lost laptops, misplaced mobile devices, and forgotten user passwords. No person or company, no matter how secure, is completely immune to all possibilities.
2. Business data isn’t the top target. Although contract breaches do occur, hackers tend to target consumer data, such as identification numbers, credit card information, passwords, and bank account information. So while no one can guarantee security, business data less commonly appears on hackers’ radar.
3. Don’t ignore additional risks. While security ranks as the chief concern among potential cloud users, it’s not the biggest threat. According to Gartner, top public cloud concerns include:
   • Loss of availability (performance)
   • Minimal control over form and status of vital applications
   • Vendor viability
   • Potential regulatory violations
   • Loss of confidentiality

While these risks might deter some companies from moving their data to the cloud, SaaS offerings still offer great benefits, especially for emerging growth companies. Growing companies face the same challenges and complexities as their larger counterparts, but have fewer resources at their disposal.

The cloud levels the playing field, offering emerging companies the IT infrastructure of enterprise companies without the capital expenditure, allowing them to maintain growth while remaining competitive with larger players.

What to Have in Hand Before Moving Forward

With the risks and benefits in mind, here’s what an emerging growth company or anyone interested in the cloud should do before migrating:

• Assess your risk appetite business profile. When developing a risk appetite profile, consider your data’s sensitivity, your IT’s capabilities to support a SaaS solution, and the industry regulations for the data class.
• Determine prior experience with cloud services. If your company has prior experience with cloud offerings, it might have developed past policies to vet future cloud services, easing adoption.

Assess external risk. By developing a process to assess external risk, your company can better determine if the class of data in the cloud fits with your risk appetite.

• Identify security controls to govern the use of cloud services. It’s important to know which employees and contractors can access information in the cloud and to understand the extent of their access. Security brokerage services and similar firms can help your IT security team understand internal cloud uses.

Here are some final recommendations for companies interested in moving into the cloud:

• If you don’t have cloud services, establish a business profile relative to your company’s risk appetite.
• Use internal compliance and regulatory standards when assessing risk with external parties.
• Protect highly sensitive data with proper controls, particularly security access.
• Develop contingency plans in case of supplier insolvency.
• Establish business ownership for the use of both information and technology.

Cloud services provide an easy and inexpensive route to data storage, yet the security of that data isn’t certain. While companies increasingly transition their information into the cloud, both emerging growth and established companies must understand the limits of security and take appropriate measures to protect sensitive data.

Looking for more information on cloud hosting? Check out our side-by-side comparison of leading platforms in the Top 10 Cloud Hosting Software report. You can also browse exclusive Business-Software.com resources on cloud management by visiting the cloud hosting software research center.

[A version of this post originally appeared on the Revitas Blog and is republished with permission.]

• Vendor

Jamon Moore

Product Line Manager, Revitas, Revitas
Expert in CLM and Compliance

I'm Jamon Moore, Product Line Manager, Platform and OEM at Revitas -- leading the strategy and management for Revitas platforms and related services. I also work with our technology partners. I lead the cloud vision and strategy (delivered through RevitasNOW) ...