The hesitant attitude of many German companies towards the cloud is largely disappearing. According to IDC market researchers, the number of companies using private or public cloud applications has risen 70 percent compared with 2015, with 63 percent of all businesses now using this technology. Security concerns are by far the biggest barrier to adopting public cloud computing. Fifty-eight percent fear unauthorized access to their corporate data, and 45 percent the loss of data. In addition, 36 percent perceive a lack of legal clarity, and 28 percent believe that legal and regulatory provisions argue against the use of the cloud.
This cautious approach has less to do with hard facts than with a feeling on the part of business executives, due in part to the approach that has held sway until now, of keeping data as secure and protected as possible in your own “fortress” and letting it out as little as possible.
With the prevalence of mobile devices and online apps, and increasing cooperation with external partners, this rule no longer holds true. Data is all over the place. But many small and medium-sized companies lack the time and expertise to develop and implement an up-to-date, comprehensive security approach.
This leads many small businesses to simply ignore the whole cloud topic – which is not a solution. Mobile devices are here to stay, and shadow IT is also a reality that companies must deal with. If a company does not give its employees practical apps to use, they will help themselves and use solutions from their personal sphere. Whether Dropbox, Box, OneDrive, WhatsApp or Facebook – these applications hardly meet the security standards required by business. And their use is often hidden from the IT department, which then cannot control what employees are doing with them.
The first step for a company is to find out how big the problem really is. It is frequently underestimated. IT managers generally assume that employees use about a dozen unauthorized apps, but in reality the number is often closer to 100. Then it must determine which cloud services are used and how often, for which tasks.
Merely prohibiting the apps used without authorization often just leads to dissatisfied workers, making it much harder for them to accomplish certain tasks. Employees might simply end up ignoring the rule – not in bad faith, but just to get their work done efficiently. Instead of banning these apps, they should be replaced by secure applications that are suitable for business use. This requires market research, employee surveys, development efforts for individual adaptations, and test and implementation phases. Many small businesses are afraid of the cost in terms of people and time. And they often lack the necessary risk awareness.
However, there are already many attractive cloud solutions for companies. Whether AWS, Google, Azure, IBM or hosting firms that offer cloud-like services, intense market competition is driving them to offer user-friendly, secure and individually adaptable solutions. What criteria should small businesses use to choose their providers?
Targeted selection of cloud providers
A key consideration for business applications is their security certification. Another is personal support – in both technical and pragmatic terms. Face-to-face explanations and discussions are the basis for long-term, successful collaboration. Still, cooperation can always come to an end, so SMEs need to determine in advance how they will terminate a contract if needed, without too much of an impact. Can emails from a given cloud-based system be transferred to another solution easily? Can data from the cloud ERP or cloud CRM system be easily reintegrated into their own data center? What happens with groupware calendar entries? Even apparently small details can lead to major headaches.
Purely technical requirements are playing an ever smaller role, because most providers can fulfill these with relatively little effort. They should still be examined in full, however. Locating data centers in Germany or Europe is often demanded, which may be justified for compliance reasons for public institutions, financial companies or healthcare organizations. But in many other sectors the compliance requirements are less stringent.
Location is meaningless from a security perspective. Cybercriminals can basically get into any system connected to the Internet, wherever it might be. For this reason precisely, data in the cloud is often more secure than in your own data center or on your notebook. For example, if a hacker gets into an employee's tablet, they can often also access the company server using that person's access rights – like a burglar who gets into a home through the insecure garage door and clears out everything of value from the cellar to the attic.
Cloud solutions are usually exponentially more secure. They not only have multiple access layers, but also segment the areas inside. The comparison that applies here is with a highly secure research building: The entrance has a high gate, a video camera, motion sensors and security personnel that intruders would first have to get past. Cameras and motion sensors are also installed on the grounds, which are patrolled by guards. Even if an intruder gets through the highly secure entrance, there are a variety of additional security doors between them and any of the labs. And generally in cloud solutions, anything that is not explicitly allowed is prohibited, which makes it even harder for cybercriminals to carry out illegal actions.
Aside from greater data security, small businesses can benefit from other advantages offered by the cloud. New applications can be introduced and implemented much more quickly, they can adapt business processes more flexibly to market changes, the costs for updates go down and they save time, effort and money. Many processes are automatically available in the cloud that need to be performed manually or are not possible at all in proprietary data centers, such as utilization analyses, accounting processes or security incident tracking.
Reduced costs, greater efficiency and competitive advantages are the biggest benefits of the cloud for small businesses, so today no company can afford to do completely without it. A hybrid system combining familiar applications in your own data center and cloud solutions gives you the best of both worlds.
According to the German Federal Association for Information Technology, Telecommunications and New Media (BITKOM) Cloud Monitor, however, 31 percent of German companies fear that public cloud solutions are too hard to combine with in-house systems. This is partially justified. Companies have to check how well the existing CRM system, for example, can work with cloud solutions. Proprietary developments often present major challenges. Still, many modern systems already have interfaces that can be integrated into cloud solutions with little difficulty. Companies should think about switching to an application that is purely cloud-based or can be used in hybrid form.
This is also true of security solutions. Cloud and on-premise components should be subject to the same centrally managed and implemented security systems. So these solutions should have agents for the cloud offers being used. They should also be able to share knowledge, such as newly discovered ransomware, with solutions from other manufacturers, because only strong transparency across all systems provides assurance of a high level of security. The customary pattern-based approaches such as firewalls and intrusion detection systems (IDS) are no longer enough. These should be supplemented with self-learning systems using artificial intelligence, to ensure protection from unknown threats.
A cloud migration does not happen overnight with one big push. Small businesses should formulate a strategy for working with the cloud: While this requires a certain amount of effort, it is far less than what the risk of doing nothing might lead to. Experienced consultants can provide valuable insights, and manufacturers can develop tailored applications in a matter of a few weeks, which can be introduced step by step. For example, new functions might first be made available in the cloud, and then the in-house solutions gradually eliminated. Frequently, intelligence and computing power are maintained by the cloud, and user interfaces in the in-house data center.
This is also true for security as a service: The entire security management can be outsourced to the cloud, where a managed Security Operations Center (SOC) immediately sends alerts in case of security events, and the company can respond quickly. When an incident is discovered and resolved within an hour, the damage is usually significantly less than with later discoveries.
Like it or not, small businesses have to deal with the cloud these days. Otherwise employees will use unauthorized cloud applications to do their work more efficiently – with the corresponding risks. Companies that use secure, uniform cloud applications that are designed for business needs are more efficient and flexible, and gain a major competitive advantage in today's dynamic market. The reverse is also true: Those who ignore the cloud will threaten their market standing and could even be risking the company's continued survival. And cloud applications can be introduced and integrated into business processes with very little effort these days. Getting into the cloud is easy with the right consultants and providers.