More and more small businesses are migrating to the cloud and reaping significant benefits like never before. With cloud services, small businesses no longer need to install physical infrastructure like e-mail servers and storage systems, or purchase software applications with exorbitant annual license fees. The “on-demand” availability of cloud solutions means seamless and simple collaboration with customers, business partners, and staff members using nothing more than a web browser. Cloud services also provide entrepreneurs and home-based businesses with access to advanced technology without the requirement to hire a full-time IT specialist.
But what exactly is this “cloud”?
Cloud computing is an overarching term which encompasses a number of different categories. Software-as-a-Service (SaaS) is where a particular application or service is provided to a business or individual as a subscription. Google Drive, QuickBooks Online Plus, and BaseCamp are all popular examples of SaaS.
Using Platform-as-a-Service (PaaS), businesses are provided with a platform on which they can build, install, and maintain customized apps, databases and integrated business unit services. Widely used PaaS include Windows Azure, SharePoint Online, and Google App Engine.
Infrastructure-as-a-Service (IaaS) allows businesses to outsource infrastructure in the form of virtual resources. Components include servers, storage, networking and more. IaaS providers include Rackspace, HP Converged Infrastructure, and Amazon Web Services.
Most small businesses generally don’t need much more than SaaS to meet their operational needs. SaaS provides them with the capabilities to deliver a myriad of IT services that would otherwise be expensive and resource intensive to administer as localized, on-site solutions.
It must however be emphasized that cloud services bring with them a number of security, stability, and data control issues. That is why it is critically important that small businesses stay informed and strictly require that cloud providers furnish them with detailed business continuity plans and security controls to remediate outages and protect sensitive data.
What to do when your cloud brings the rain?
There are a plethora of reasons why cloud computing is popular. It gives small businesses the technology that enables them to be lean, agile, and competitive. But as is quite evident, trusting your information assets to a single entity whose equipment is stored in a centralized location, means that you’re extremely vulnerable to whatever outages, security compromises, or natural disasters that they are exposed to.
So what are small business owners to do? Here are some recommendations that can allow you to better manage the risks associated with cloud providers.
Fine Tune Your SLA: Service level agreements (SLA) should codify the exact parameters and minimum levels of service required by the business, as well as compensation when those service levels are not met. It should assert the ownership of the business’ data stored on the cloud platform, and outline all rights to retaining ownership. It should include the infrastructure and security standards to be adhered to, along with a right to audit for compliance. It should also specify the cost and rights around continuing/discontinuing use of the cloud service.
Keep Critical Data Local: Decide which business processes require maximum uptime, and keep them on-site. Avoiding the cloud totally for specific mission-critical applications, small businesses can minimize data unavailability as well as security and privacy issues. Most definitely some businesses have regulatory requirements to meet, and this ought to be a key consideration when deciding not to ship your data offshore.
Two-Factor Authentication: More and more providers are offering two-factor authentication (2FA) as a means of securing access to cloud services. Two-factor authentication adds a second layer of authentication to user logon credentials. When you have to enter only your username and one password, that’s considered as single-factor authentication. 2FA mandates that users have 2 out of 3 types of credentials before access to cloud resources are granted.
Deploy A Hybrid Configuration: Maintaining a hybrid implementation of cloud and local services is a best practice approach for protecting company data. Replication or archiving solutions often deliver a service with both a local appliance at the customer’s premises and cloud storage too. This type of on-premise-to-cloud replication strategy ensures that you have local copies of the data you transmit to the cloud. Actively seek out cloud providers that can configure this kind of scenario.
Availability, integrity and confidentiality issues will always exist when using IT systems. And when a business employs cloud-based computing, these challenges are even more pronounced. Be extremely meticulous when searching for cloud providers, and question them about their security controls and disaster recovery options. Even though you outsource the processing of your business data; there’s no reason why you should lose control.