Up in the cloud

Ashutosh Kapse – IOOF Head of Cyber Security

With the ‘cloud’ becoming a very popular computing model, I’m often asked about the risks and what the cloud means for security.

Firstly, the cloud means different to things different people. Quite simply the cloud usually means using a service provider on the internet to store and manage your computing systems and data and can scale on demand with a touch of a button. Cloud computing includes creating documents on Googledocs, sharing files via DropBox, setting up your servers on Amazon, storing customer data in SalesForce through to archiving your music/photos on iCloud.

Cloud services can make you far more productive and can bring agility to your business. However, as you’re effectively handing over control of your computing and your data to others, it does comes with unique business risks. That’s why when you’re choosing your cloud provider, it’s important to do your homework.

If you’re considering using a cloud service in your practice here are some things to consider:

  1. Support
    How easy is it to get help or have your questions answered? Is there an FAQ on the website? Can you contact someone by phone to get your queries answered? What is their commitment to support you in case you have trouble using the service? Remember, smooth running of your business is going to depend on their support, so you need to be sure you can rely on their support if needed.
  2. Security
    What data that belongs to you is stored in the cloud? How will you move your data from your computer to the cloud? Where and how is it stored by them? Is it encrypted, if yes, who can decrypt the data? Will your data be co-mingled with other customers’ data? How will the provider ensure that your data is not accidentally exposed to other users of the cloud? If the data is accessed illegally, when and how will they inform you? If you decide to stop using the cloud service, or the company goes out of business, how will they return your data to you? In what format and what timeframe? What legal guarantees can they give you about all of the above?
  3. Terms of service
    Take some time out to understand the 'terms of service' and what you are signing up to. Confirm who can access your data and what your legal rights are. Understand any responsibilities assumed by the provider or required by you. Understand what cloud settings you are expected to control.
  4. Availability
    What commitment/guarantee is the cloud provider ready to give you regarding the availability and continuity of the service? If the service does suffer disruption, how quickly will the cloud provider act and how quickly will they bring it back on line? Is that acceptable to your business?
  5. Legislation and policy
    Check if you have any legislative requirements and what your company’s policy is regarding cloud solutions and storing your data in the cloud.

The information contained in this newsletter is provided on behalf of the IOOF group of companies and is intended for financial adviser use only. It is given in good faith and has been prepared based on information that is believed to be accurate and reliable at the time of publication. Any examples are for illustration purposes only and are based on the continuance of present laws and our interpretation of them at the time.