I have noticed a trend of late an overwhelming trend of companies losing control of their cloud based data. A common thread is people leaving troves of data unsecured in Amazon Web Serivces (AWS) S3 buckets for all to see. Databases, personnel files, strategy documents, it seems like no one is immune from such buffoonery. It would seem there is a fundamental break down between the architects designing the cloud based solution, and the techs provisioning and maintaining such instances.
Security and stupidity aside, almost every business and individual keeps data secured in the cloud. It’s a part of todays technology society. Data storage and social media are the two biggest data sets for most cloud users and you can see the appeal. With a virtually unlimited supply of storage, the façade of security through replication, and bargain prices it seems silly for most to keep their data local.
It appears every week there is a new “latest and greatest” cloud based tool that solves some apparent problem.
Although it is appealing how do you control the data, maintain security controls, and ensure sensitive information doesn’t get into the wrong hands, do I have the internet bandwidth to make this suitable? It seems few people ask these questions before diving head first into a cloud based solution.
Personally I love cloud services. Both as an individual and a business owner the value the “cloud” has provided is immeasurable. We use a range of services including:
- Office 365 for email, scheduling, calendars etc
- Dropbox for Business for all document storage and sharing
- ConnectWise (Hosted) for all key business processes and management
- Xero for accounting
- Hootsuite to co-ordinate marketing and social media interaction
- Zapier to integrate our various applications together
As you can see the list starts to get rather lengthy, and starts to add up in dollar value. Looking back even five years we would have to have a small server farm and a full time administrator just to tie all these services together with custom code, and generate enough heat to warm a mansion. With all the efficiencies the cloud has to offer why wouldn’t we take advantage of these solutions?
Businesses should be risk averse entities, wary of any wonder solution to a problem. The issue, as I see it, is people are caught up in the whirlwind of the what the cloud has to offer and are not considering the potential risks to their businesses. There are a few key questions to ask before jumping into any new offering:
- What exactly am I trying to solve with this product, does it meet these requirements?
- What is the true cost of the solution? Does is work now and scale for future growth?
- Are there any limitations to the program? Am I limited by users, storage, usage limits?
- Can I control access permissions easily? Do I really want my new hire to see confidential information?
- Am I bound by any regulations that limit where or how I store data? Medical, Defence, Legal industries etc.
Most importantly, and I can not stress this enough:
Who owns my data? How can I get my data back if I want to change platforms in the future?
It is absolutely negligent to utilize any new service before you have answers to the above six questions, all with satisfactory answers!
A great example of data ownership is Facebook. If you haven’t, get a large mug of coffee and have a good read. One of the most alarming paragraphs is 2.1, Sharing Your Content (an ominous title!)
“For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.”
Do me a favour and re-read that quote. The jist of that statement is ‘anything you put on Facebook is ours and we can do with it whatever we like.’ Now that isn’t limited to Facebook, it seems to be the industry standard for social media networks.
Other services such as Dropbox have easy to read Terms of Service documentation that stake no claim over your data whatsoever. There is a stark difference between what is published to Facebook and stored on Dropbox but wide spread difference is there.
The long and short of it is DO YOUR HOMEWORK! Don’t fall into the trap of finding something that’s easy to use only to find out your data isn’t actually yours or is hard to get back. I have fallen into this trap with Quickbooks Online and I am still kicking myself because of it!
As a sole trader or a small team it’s easy to keep an eye on where all your data is at any one time. There might be a dozen or so services you use, with a limited amount of data in each. As an entity grows it becomes increasingly more difficult to maintain governance (control) over the data.
IBM have an outstanding report they publish each year that discusses the cost of data breaches. This year the cost for each lost data record was $141USD. Think about how many records your business has, it starts to add up rather quickly!
Data governance is a huge topic but it is distilled into eight key principles. I will save you from me droning on about how this all works but the core goal is to have standardized, secure data, with the agility your business requires without taking unnecessary risks.
A key risk, outside of security and governance, is data duplication. Its great to stick a bunch of data in the cloud but how do you take advantage of this? I have seen far too many people invest serious capital on a fancy cloud solution and it never be used to its potential. Data gets lost, mis-filed, or just stored multiple times making updates and uniformity difficult.
I am sure you are thinking “That’s great Doogie, but how do I make sure I am making the right decisions?” In short, research and learning. Don’t jump into a decision without asking the right questions and ensuring you have the most cost effective, simple answer to your problem. If you are unsure what the right solution is or how you can increase your return on investment speak to a professional who can help you in through the process.
In our business we offer clients the framework and tools to succeed by following the five core phases of the project:
- Business Audit – What is currently in use, where are the inefficiencies or breakdowns in process?
- Goal Setting – What are you trying to achieve, how do you see the solution working in 3, 6, 12 months?
- Process Design – How do we achieve these goals?
- Implementation – Achieving your goals and mitigating risks along the way.
- Review & Monitoring – Ensuring the goals and processes are being followed, adjusting as required to suit the business
What is the answer?
That is the million dollar question isn’t it? The best answer is every entity is different so there is no single best answer. The optimal outcome is to work with a trusted partner to design and implement the tools and services that enable your business to succeed. Each business is different, so too is the solution.
I mentioned in a previous posting embrace technological change, and I sincerely believe it’s the only way to succeed. Don’t fall into the trap of using the first solution you find, it usually isn’t the right one!
The “cloud” is a buzz word, look for services that enhance your business offering without increasing complexity
Answer the six key questions about any service, most importantly “Do I own my data?”
Look at the entire solution, not just the marketing hype. Is this the right solution moving forward?
If you don’t know the answer, ask! It’s always easier to implement the right solution first than swapping platforms in the future
Every business is different, don’t copy the next guy, design a solution that works for you!
As always, let me know your thoughts on social media or in the comments below. If you have any questions about how the cloud can improve your business shout out, we are here to help!
Connect with me via:
Phone: +61 4 0525 9005