Cost savings are a big draw for many small and mid-sized firms opting for hosted computing services. But many such companies move to the Cloud without adequate thought and planning.
In their eagerness to adopt the technology, smaller firms often don’t fully consider the security risks associated with cloud computing, or take steps to minimize them.
As a result, they jeopardize not just their own business but their clients’ interests as well, according to data and e-mail security firm Websense Inc.
Widespread adoption of consumer and commercially targeted cloud apps is a huge industry trend, according to Dave Meizlik, director of product marketing at Websense.
But along with the opportunities they offer, cloud computing and social media are also potential minefields, he cautioned.
Online interaction channels are broadly of two types, Meizlik says.
The first includes consumer-targeted social networking sites, such as Facebook and Twitter; the second, commercial cloud apps such as Salesforce.com and other Web-based customer relationship management tools.
More than 50 per cent of Fortune 100 companies now have some sort of social media presence on channels such as Facebook and Twitter. Eighteen months ago, that number was only 10 per cent, noted Meizlik.
And adoption of cloud computing by small and mid-sized businesses is even more dramatic, he said. “That’s because these technologies offer them far more bang for their buck.”
Big Blue and small biz
At least two major vendors, IBM and Microsoft, are focusing on the small and mid-sized business market with their latest offerings.
Details of Microsoft’s cloud computing offering are still emerging.
However, one space Redmond believes is ready for cloud services is the small and mid-sized business market, said Birger Steen, vice-president, worldwide small medium business and distribution at Microsoft.
Typically, smaller firms have had to settle for stripped-down versions of enterprise software from large vendors, or software from smaller providers that aren’t well known.
Cloud computing, Microsoft says, offers small firms the features and reliability of enterprise-scale apps at a significantly lower cost.
Earlier this month, Microsoft discontinued development of its Enterprise Business Server, a software package aimed at smaller businesses.
Redmond is now advising these firms to consider the company’s office productivity cloud offerings, such as its Business Productivity Online Suite.
Enterprise Business Server didn’t work out for many reasons, Steen said. Firstly, small organizations tend to buy their software piecemeal. They may purchase a file server this year and an e-mail server the next.
So deploying an integrated package would have meant replacing a perfectly good piece of software, something organizations are reluctant to do.
Secondly, firms have started using “virtualization” technology to consolidate software on a smaller set of servers. Finally, cloud computing offers a more appealing alternative, he said.
However, cloud computing also has its limitations, as another industry observer points out.
“The idea that everything will move to the cloud is a bit naïve,” said Caleb Barlow, director, SMB solutions development at IBM.
He said smaller firms, in particular, would continue to need on-site data storage and processing in the foreseeable future.
IBM, like Microsoft, offers many office collaboration services. It also provides a cloud service through LotusLive.
Both IBM and Microsoft are competing with other cloud service providers, big and small, such as Google and Zoho.
Security in the cloud is a big concern for small and mid-sized businesses, just as it is for larger companies that have opted for this model, according to Fiaaz Walji, country manager for Websense Canada.
Data theft, he said, has a crippling effect on a firm’s reputation and revenue. “It could cost a company up to $212 per lost record. For a smaller firm, with limited resources, that could be a very hard blow.”
Experts note that cloud services foster flexible workstyles, allowing employees to work remotely. However, quite often, workers aren’t adequately trained to decide what data can be transmitted online or via social networking channels.
Websense said data loss is four times more likely to happen on social Web sites than through e-mails. “This is because work-related e-mails are typically exchanged through colleagues. Data sent to the cloud or a social site may be open to anyone,” said Meizlik.
Five surprises to avoid
Industry insiders detail five unpleasant cloud computing surprises and how to avoid them.
1. Sensitive files on company’s Facebook page – A memo from the company president berating staff members, employees’ HR files, and customer account information are some examples. Imagine the fallout if these types of documents should ever appear on a public site such as Facebook.
To avoid such a fiasco, Walji recommends that companies set up a policy early on what type of information can be sent out to the Web or transmitted via cloud services. It should also specify who can handle what type of information.
2. Employee leaks company data – Insider threat is always a risk in any organization. Again, it is important to conduct regular assessments of who is allowed to handle what data.
Websense offers tools to automate these security procedures, said Walji. For instance, users can configure the tool to provide access to certain data only to certain personnel.
Apart from warning administrators of a breach, the software can also be programmed to warn employees they are breaching security, or to simply limit or block an erring user’s access to the network.
3. Finding out your cloud provider is operating from a van – Maybe that’s an exaggeration, but Walji says smaller firms should carefully investigate the background of cloud service providers and the standards they adhere to. Not doing so could lay an organization open to costly legal proceedings.
For instance, make sure your providers are equipped and capable of complying with the regulations, legislation, and standards that apply to your business, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the Payment Card Industry (PCI) standards and the Health Insurance Portability and Accountability Act (HIPAA).
4. Our data’s been hijacked – Data, applications and resources are vulnerable in the cloud because authentication is often weak.
Proactive monitoring of threats and two-factor authentication can minimize this risk. Remember that cloud services require regular updates, life cycle and performance assessments, encryption and access control reviews.
5. You’re not just doing business in Canada – The Internet helps tear down borders for many businesses. Just because your company happens to be in Canada doesn’t mean you only abide by Canadian rules.
“If you’re transacting with clients in the U.S. or some other part of the world, you’re also subject to laws in those places,” said Meizlik, of Websense.
Make sure your personnel are well aware of legislation surrounding transactions in other jurisdictions in which your company is active, Meizlik said.
Websense offers products that come with menus to handle various compliance regulations.
(With files from Joab Jackson, IDG News Service)