So your clients want to move their applications or IT solutions to the cloud. Likely, they’ve heard about the many benefits touted by cloud services and products, which typically promise data redundancy, scalability, and increased security. But how accurate are these promises?
As you help clients migrate to the cloud, make sure they understand the limits of cloud solutions and the risks involved. As an IT consultant, you can be liable for the performance of any product or service you recommend to your clients. So when you recommend a cloud-based solution as part of your professional services, you become liable for the security and performance of that solution.
That can make many IT consultants nervous: even when an application or cloud-based program has performed well in the past, you can’t control how it will do in the future. And you can’t always know whether its underlying security infrastructure is sound.
For this reason, many IT professionals doubt cloud solutions will make their clients' data more secure. In fact, according to the Ponemon Institute's recent survey of more than 600 IT and security professionals, 66 percent of those interviewed believe that using the cloud diminishes their ability to protect sensitive data.
So who's right? The IT professionals who doubt cloud security or the cloud companies that promise improved data risk management?
Sorting Fact from Fiction: Is the Cloud Safe?
Is cloud computing safe? That's the kind of question IT professionals hate because you have to respond with a wishy-washy answer: it depends.
Asking if cloud computing is safe is like asking if cars are safe. They can be – and they can also be deadly. The cloud opens the way for programmers and developers to make apps and build their own IT solutions. Unfortunately, this means that – just as happened with motor vehicles – you can have an onslaught of new products and users of those products, some of which are not secure or safe.
Yet Entrepreneur Magazine points out that when a small business signs up for Amazon's cloud computing solutions (or other big-name cloud provider), its data is stored behind the massive security infrastructure that Amazon needs to run its EC2 services. The cloud means that small businesses can get access to corporate-level data security.
The truth about cloud security is that it's a mixed bag. Some apps are more secure than others. Some solutions are substantial improvements in data security.
Cloud Secret: Hidden Apps = Hidden Risk
One of the cloud security risks the average small-business owner might not recognize is that the vendors and third parties they hire could be using non-secure cloud apps.
Say you outsource your sales processing to a SaaS company. You see the SaaS you use to enter sales data, but you don't see apps that are working behind the scenes. Just as in any other area of IT, risk is interconnected. A weakness in one area can lead to a data breach in another.
Weak security with Target's HVAC contractor led to the data breach on the retailer’s point-of-sale computers. The bottom line is that IT contractors can be liable in these situations. You can be sued if the cloud provider you recommend has flaws (anywhere in the company) that lead to a data breach.
For more on third-party risks for IT companies, see our article "Help Your Clients Understand the Risks of Third-Party Contractors."
Cloud Computing and the False Sense of Security
Perhaps the biggest security issue with the cloud is that it offers a false sense of security. By now, you're probably thinking, "the cloud sounds like any other IT solution. There's some good, some bad, and some risk." That's exactly right.
Cloud computing offers some security improvements, but like any IT solution, it still has its risks. It's important for you not to overpromise on the security features of cloud computing. Tell your clients that cloud computing can be an improvement, but not a game changer.
The truth is that many data breaches are still caused by employee errors and simple mistakes. When clients update to the cloud, the transition can lead to more security vulnerabilities if clients don't understand how to use the cloud securely.
Say a client switches to online data management, but an employee wants to work on a file over the weekend, while they’re at a cabin without patchy Internet. Downloading a file to a thumb drive and opening it on their home computer could still expose your clients to data breach risks.
As clients transition to the cloud, they might be more likely to make these kinds of mistakes, removing data from secure cloud locations and emailing it or storing it on non-secure locations.