In a recent Harvard Business Review survey, Cloud Computing Comes of Age, 62% of 376 CxOs surveyed expressed data security in the cloud as a top concern.
Does this mean you shouldn’t put ERP data in the cloud? Some used to believe that. Another survey from Gartner and FEI, Critical CFO Technology Needs, shows that thinking is changing. Recently, 53% of CFOs surveyed have said they have come to rely on the cloud to store and process their financial data versus 21% in 2013. Why the shift?
The truth is that some have found that there are certain cloud providers that put more focus, investment and resources into cloud data security than they and their own staff ever could—reducing IT costs and risk.
Yet most of the early cloud providers and even some of the new ones focus on reducing their own operating costs by underfunding secure database management and by disguising the riskier multi-tenant approach to cloud as a benefit to the customers. And sadly, this approach does not really benefit the customer.
Needless to say, as you start the process of vetting cloud providers, data security, cost and processing power in the cloud should be examined carefully, especially in high-volume transaction environments such as telecommunications, financial services and others. As an aid, we have put together 5 questions that can help you decide on choosing a secure ERP cloud provider.
All types of companies are offering ERP cloud services and some are doing it at bargain-basement prices. You’ve heard the old adage “you get what you pay for.”
That is not the way you want to go with critical finance data. You want a provider that invests heavily in cloud security, invests in building in data security at every layer of the stack, and one that hires and trains a team of cloud security experts who proactively monitor, guard and patch potential problems before they occur.
When evaluating the viability of your cloud provider, you should be asking:
When evaluating a cloud provider, it is important to ask if their cloud is designed to be secure at every layer of the technology stack. Investing in and designing security measures and options at every layer—starting from physical data center security to network, hardware, chip and operating system, as well as to storage disk, database, platform and finally the application layer—can make for a very secure cloud. Here are some high points from each layer to consider when choosing a secure cloud provider:
Many SaaS providers encourage customers to put their vital business data into their multi-tenant cloud servers. They do so because it is a much less expensive option for them. Sadly, those savings are rarely passed on to their customers.
This practice exposes data to great risks and exposes your business to potential processing slowdowns.
As an example: most multi-tenant cloud providers cram as many customers as they can into the same limited data space, restricting high-performance processing and concurrently placing all their customers’ data together, increasing risk—all because it is far cheaper for the cloud provider manage all their customers’ data in one database.
This inherently increases risk. Your business critical data could be inadvertently accessed by others, even competitors. Something that is commingled is not more secure than something that is isolated. Simply stated, a multi-tenant cloud provider is not the most secure for storing and processing your ERP data in the cloud.
Another drawback to multi-tenant cloud design is processing performance. In a multi-tenant cloud architecture, your transactional processing speed and reporting performance may be affected by “noisy neighbors.” For example, if one of your co-tenants is doing massive payroll updates or high-volume computational financial transactions, this can greatly slow down processing that you need to do quickly—such as a period close, for example.
Now, compare this with secure data isolation architecture. In this instance, your data is physically isolated from other customers’ data. And, your performance (processing time and reporting performance) will not be slowed down or compromised due to the volume of work they may be processing.
Lastly, in a multi-tenant cloud, the cloud provider dictates when you upgrade because all customers must upgrade at once. What if their timing isn’t best for your business? Let’s say you are a retailer and your cloud provider decides to perform a time-consuming upgrade in a month that is peak for your business. You cannot opt out of that upgrade and that may impact your business at the wrong time. Look for a cloud provider that allows you to choose when to upgrade.
Does your cloud provider offer unified access controls globally? Does your cloud provider have unified access controls between on-premises systems and cloud-based applications? These are important questions.
Global access controls are vital because they provide role-based access so that only qualified and sanctioned users have access to specific data and certain functions based on their role. And, with global access controls, employees and even contractors who leave the company are systematically removed from all application access easily and consistently. When these global controls are in place, it reduces risk that former employees or contractors have access to your critical data and business information.
What about the topic of “local data residency”? This means enabling the option to keep your data in a data center within country or regional boundaries.
There are a myriad of standards for data protection and local data residency. In some cases, every country or region can have its own requirements. With these rules/standards changing often it is almost impossible for you to keep track of all the standards and changes globally. The rules vary country by country especially in Europe, the Middle East and across Asia Pacific.
In addition, many sectors, including government, healthcare and financial services, require compliance with industry-based data privacy and security standards.
A top-tier cloud provider will have a broad compliance portfolio which will help you with industry and country standards both from a data residency and compliance standpoint.
We all know the benefits of cloud. Yet, it is important to mitigate risk when moving your important data to the cloud, especially financial data. In addition to reducing risk, lowering costs, increasing agility and allowing for faster innovation, an advanced cloud provider can give you secure data management concurrently in the cloud and on-premises, while bringing you peace of mind. For more information you can download the executive brief here.