Cloud securityAlthough it feels like we passed the tipping point for cloud-based business software a long time ago, I still get asked every now and then whether this “cloud” thing is really safe for critical business data. For those of us who understand how much better the cloud and software-as-a-service is for small businesses, the question can seem old-fashioned, perhaps even slightly Luddite.

But a slight shift of perspective reminds me why it’s not a surprising question.

“Cloud”. The word implies the exact opposite of something solid and dependable: “1. a visible mass of condensed watery vapour floating in the atmosphere. 2. an indistinct or billowing mass, especially of smoke or dust” -- The Oxford English Dictionary. Repurposed in the 1980s and 90s by telecoms engineers to describe the complex switching systems and transmission networks that carried a voice from one point to another, it is being redefined again to refer to a distant army of computers distributed across the globe that serve up information and software on demand.

Most business people haven’t yet absorbed this new definition, much less understood its implications. So to most readers “the cloud” still sounds vague and unreliable.

And then add in the enormous media attention to high-profile data thefts from the likes of Sony, periodic spikes of concern about privacy on Facebook and even the Wikileaks leaks. Small business owners (and everyone else outside the IT business, for that matter) can be forgiven for not knowing that the cloud is actually the safest place for their data.

Let me say that again: The cloud is the safest place for critical business data. Why? Well start by asking what “safe” means. As far as I can tell, to most businesses, it actually means 3 different things:

  1. Will I or my team be able to get to our critical business data when we need to?
  2. Will our data be protected from unauthorised access or outright theft?
  3. Will our data be there if something goes wrong-- computers fail all the time. What happens to our data when they do?

Let’s take these in turn.

First, getting to your critical business data wherever and whenever you need to is easier with the cloud because it’s no longer tied to a particular computer. Instead, you (and anyone you permit-- and only them) can get to it wherever in the world you (or they) happen to be from any standard web browser. And whether you use a PC or a Mac or smartphone doesn’t matter any more. We hear all the time from small business owners who are absolutely amazed at the flexibility of data access they have once they move to an over-the-web application like Brightpearl.

Second, protecting your data from unauthorized theft also becomes easier because you can immediately prevent access to anyone by simply disabling the account of a former employee or contractor. Because cloud-based systems can be accessed from anywhere at any time, you can do that remotely. That’s a lot easier than changing the locks or asking for a laptop back.

And then as the customer of a company like Brightpearl (or any other quality vendor of cloud-based software), you have not one but two teams simultaneously working to secure your data. One at Brightpearl, working to make sure the software can’t be hacked. The other team is at our hosting provider, making sure that the infrastructure hosting the software are physically protected. That’s a lot more experience working to ensure data security than most small businesses can afford to have working on their own servers and software.

Last and perhaps most importantly, you are much more likely to get your data back with cloud-based systems in the event of a hardware or other systems failure than if you host the data yourself. A reputable cloud-based provider will back up your data frequently. In Brightpearl’s case, we take a complete backup snapshot of each customer’s data every day. We’re also rolling out real-time data backup so we have a “hot swap” database ready to go at all times in case a drive crash eliminates all the data on one machine. We’ve never had that happen, but just in case.

So despite the questionable choice of terms, “cloud-based software” is a step-change improvement in data access, security, and overall safety. It just sounds a little funny.



The 2 recent outages at AmazonWebServices in Dublin put the spotlight on this - local NAS might have been better? Accounts can be disabled instantly to exclude access. J

Salman Malik's picture

Thanks for your comment, John. What I think the outages highlighted to me was just how tricky this stuff can be, even for a large, technically-sophisticated and well-resourced company like Amazon.

You sound like a sophisticated consumer of IT, but I wonder if other SMEs would wind up spending too much of their time figuring out their systems to get to the kind of reliability, recoverability and accessibility that cloud providers spend their time building.

NAS (by which I presume you mean Network Attached Storage) is still exposed to exactly same issue that affected the Amazon data centers-- power cuts. If the power does go out, recovering your system back to a stable state can often be tricky-- this is what caused most of the delay in the Amazon cases.

And access to your data still remains an issue with a NAS-- in and of itself the NAS provides only raw data storage. Unless you're able to find and operate your own web-based software system, getting to that data isn't straightforward outside its own LAN. Most non-cloud business software systems are client-server which means installing software on the machines you want to access your data from and then installing and maintaining a virtual private network to get to your data when you're outside the office. The alternative, opening your data servers up to access from outside your firewall, is unsafe since it exposes them to being hacked.

I still think most SMEs would struggle to do all the things cloud providers do to address all 3 of the different things that people mean when they speak of safety/security.

Add new comment