“Data is the new oil? No: Data is the new soil.” – David McCandless
|Grow your livelihood on, food, house etc.||Grow your business with|
|Protect from external damage, e.g. pestilence, pollution, wind etc.||Virus Protection|
|Protect from Theft with fences and security||Security, firewalls, good IT practices, backups|
This analogy is really quite apt once considered. Therefore knowing how safe cloud technology is it is vital you plan to use this technology for your business. Most companies have or are already using cloud technology due directly to the lower costs that are associated with this technology.
The answer of safety relies on legal and trust aspects in its response and generally this relates to the dollars invested and the federal laws that apply to your cloud based location.
In this article, I will explore some of the areas of Safety that you have control of.
In House Server, Rent Infrastructure, or Rent Space and Infrastructure?
Recently I chatted with a corporate IT manager, and we discussed the pros and cons of exactly this option. Due to a company mandate, this companies board has selected that this company may not “rent” space on another company’s server. They feel the risk is too high. Instead they have opted to have their own server – in house. This has led to all sorts of bottle necking, as they simply do not have the internet resources to service their own needs.
So what to do. They either need to invest in massive infrastructure – which frankly is a waste of money, or they can rent the infrastructure and still have their own server. There are many companies that offer this, one of which is a new SA based company called YourDC. The advantage of such a solution is that this is a halfway step. You control your own server. You own your own data. You manage your server. You have access to your server and you decide who else will have access. Totally in your control. The only part you are renting is the infrastructure to house the server and supply the access e.g. internet access to and from your server. For this corporate company, this is the right way to go, based on the board decisions. This is not a cheap option, as maintaining and caring for a server, costs quite a lot of money.
In short the infrastructure for this cloud solution is like a countries infrastructure. You still own your own land, and you pay rent to use the roads, sewerage etc.
Now, if you elect to have your data Hosted, this means, that you are renting not only the infrastructure, but also the physical space for your data to reside. If this is your option, you really ought to read on about other safety considerations.
How to select a Safe Hosting Solution.
We are all still reeling from the events in Paris on the 7th of November. Obviously the terrorist had an impact, and the governments stand against terrorism, has a direct impact on stored data. So if you wish to have control of your data, the government rights over your data must be considered. My recommendation is that you should locate your data in the country that your business head office resides. E.g. if you work in the USA, your data should reside in the USA. If you work in Australia your data should reside in Australia.
This statement has a cost associated. It is initially cheaper to have data reside in a 3rd world country, but what are the long term costs. The question is – what is the cost to your data if it is not residing in your own country.
So what if you have an international company, e.g. you sell or work in more than one location. There are still solutions for you.
In fact this is just 2 of the main players in this arena, there are literally thousands of such companies. This leads us to the issue of how to choose a safe company to be with.
How to choose a Safe Hosting Company?
I have learnt from years of experience as a business manager, that generally the old proverbs are true. “You get what you pay for”. This scenario was almost tailor made for this statement. I have used many hosting companies. Some are really cheap and some are really expensive. But each offers different levels of data safety and protection.
To give you a specific example. As a database developer, I often need administrator level access to work on databases for my clients. One internet hosting company, once they provided this to me, I had access to ALL their clients’ data, not just my clients. I could have copied, shared and deleted data from any company. All this access was given to me freely. By the way, this company was an Australian promoted and located company based in Victoria.
I have also had very economic companies that really gave great value and service for money. Once such company is Azure. This discounted option, is discounted because it is limited to servicing ONLY MS SQL solutions. So in fact Microsoft have discounted this service as part of a marketing or promotion solution to promote their own products.
For Accede’s development we mainly use Amazon, however we have also used Rackspace for quite a few clients. The reason we do this, is because these companies offer the best flexibility, safety and reliability that we can viably afford. So why do we say Safety so easily and what do I consider when I say the word Safety. Accede also use Azure for its MS SQL datbase solutions.
Safety with the hosting company consists of:
- Security for your data
- Is their server reasonably well protected – how easy is it to hack?
- Do they invest in the security of their servers
- What do they have to lose if they are hacked and it becomes public information
- How easy is it to communicate with their technicians if we see or find an issue.
- What country holds the server
- What partners etc. are they linked with that may have an impact.
Now, these are the points that I review when considering were to allow our valuable data to reside. All this information is quite easily available in reviews, company website, and general blogs.
Most hosted servers, have one or more levels of firewall protection. Most also have virus and malware protection. However, is that enough and what other options are available?
This is where data encryption, security certificates, and the server settings are vital.
It is so easy to allow anyone access to your data – in fact it is easiest. But the issue then is that the data is public-ally available. So getting your host initial set up established correctly is vital. Plus this is something that should be periodically checked, as upgrades, changes etc. all can affect your setups.
My suggestion, is that this should be reviewed regularly and reported on as part of your disaster recovery checks. Microsoft recommend this be done done monthly or at least quarterly. With that stated, I suggest that if you care for your data then don’t defer this any longer than twice a year.
Level of Desire/Competition will increase your risk.
Many years ago one of my clients – involved in Manure Sales, was being targeted and regular hack attempts where being made our of India. Reverse checks, showed that a competitive business really wanted the data, and this meant that they were paying others to “get” the data for them. We increased the security and the problem went away.
If your data is desired, then expect that you will have to invest more in time and money to protect your data. Realize that even the highest invested companies have been hacked. So there is nothing, cloud or local that cannot be hacked. What you need to do, is make it so hard to hack, that is just not worth the effort.
So often friends have asked me if I can “hack” their data. Generally these businesses have no real lock on their firewalls, their password is often Password, date of birth or 123, and they have not altered their password in months. This is not what I would call hacking, I really call this looking. For these people the shock I see when they realize that getting to all their data is easy. What is often not understood, is that when you can’t get your data, it is corrupt, locked, forgotten passwords, etc. It is companies like Accede that get your data for you. So I suggest you have some good IT standards, checks and backups in place. Remember your backups contain your data, so security of these also matters.
Is my business safe using cloud technology, cloud data?
That depends on:
- How you set up your cloud service
- Desired level of security
- Caliber of companies you partner with
- And the level of desire your data holds.
I hope this article has given you an insight and areas to consider. Remember as a manager, you don’t have to know all the answers, but you have to know who to ask, and the right questions to ask.
If you have any questions or comments. I am happy to not only receive them, but I will respond to them also.
Employing an IT Person. When a student leaves uni, with their IT degree, what we have found is that that person is able to learn IT. Most of what they need to know in the business world, they as yet do not know, but they know where to find this information. Once working in IT, we notice people move into areas of specialty very quickly – and this is due to the depth and width of IT today. For example, they may become a specialist in networks, web design, programming, interfacing, call centers, servicing, hardware, communications – the list goes on. IT people in general like to socialise and communicate with other IT people, because this is what interests them. So often IT people do not like working on their own, they find this limiting, and do not feel they get the depth of skill that they desire.
So if you are employing a single IT person, be aware that for some IT people, they will not stay long, as they need to share their skills. This in itself can cause businesses stress.
Outsourced skills are even wider than employing a single IT person. Outsource, could be for a specialized area of expertise. E.g. SEO (Search Engine Optimisation Specialist), programmer etc. I personally use an Outsourced SEO, because the person we employ does a wonderful job, is timely, of value and really understands what we are attempting to achieve. So even though she is outsourced, she is really part of the Accede Family.
Outsourced skills of other IT companies. As you can see I have run an IT company for 32 years, but even with this skill and experience, there are areas, that are best to be outsourced, and this is due to expertise, knowledge etc. An example of this is Cisco Router programming, yes we have done this, but we are not the most cost effective to do this, and so we outsource this work.
So how as a business owner do you make the right choices? You need a consultant that is IT aware, that is prepared to review your needs and make the right choices for you. There are many consultants that do this, but even more that are saying this when they actually want to be the single employee – outsourcing and managing all your outsourced work, and this costs even more money.
My suggestion, is to put the area of your IT up for review. Initially review your needs. Once you have done this, the next best step is to use your network. Chat about your needs to your fellow SME operators, and find out what they are doing and is it really working for them.
I have found that off shore staff if managed well, really can make a big difference, and it is great to see companies like vsm.com.au (Virtual Staff Management) get going. All this company does is manage virtual IT staff for your company. So you don’t have to chase, understand IT etc. Just explain what you want and it is outsourced. This costs a bit more than outsourcing yourself, but then you don’t have to interpret your ideas to IT speak, nor do you have to chase work, or test or anything. Just ask, and you get. Really good option to achieve IT work.
So if you are asking yourself, what is the best thing for your business. Start by clearly defining what IT jobs you wish to do, then review this with fellow managers, and if you don’t have this, get a consultant – or put these jobs up for tender. Even this experience, will give you many options.
Cate Schafing is a successful Australian business woman in the IT field serving as CEO of Accede Holdings Pty. Ltd. makers of Ezymeetz, ICE and Virtual Gym. She develops innovative new technological products as a programmer and entrepreneur. In gratitude for her success her company supports NFP’s by donating $5000 per month in programming time for NFP’s requesting work.