By: Jeff Siegel
Owner, Siegel Solutions, Inc.
With more and more applications being accessible through the cloud and constant news of hacking, ransomware, and stolen data happening around us, security is on everyone’s mind. It is logical to assume that data that is being compromised is “in the cloud” at a cloud provider, but in reality, much of this data is actually being hacked from on-premise servers that do not have the security a cloud provider would have.
As accounting professionals, we tend to have two major concerns when it comes to cybersecurity:
- Will I, or will my clients, lose access to critical data?
- Will important information be taken from my data?
I used the phrase “in the cloud” above because, while many people claim that their data is “in the cloud,” the fact of the matter is that their data is sitting on a physical server in a physical location that is accessed through an internet connection. These servers are either cloud provider servers, which are located in specially built buildings with security and full backup capabilities, including redundant backups to other servers in other locations, or servers set up by various companies to allow employees to access data remotely through the internet. The latter is more common given the various technologies available to companies and the need to allow a virtual or physical workforce to access company data.
That brings us to this question: since the data is sitting on a physical server in the first place, is it safer in a “cloud provider’s” facility or in your own office? To answer that, we need to look at the potential threats to our data.
Your “Cloud” vs. Cloud Hosting
Since most of our data is accessible through the cloud, either using your own infrastructure or a cloud provider’s, let’s look at why it would be safer to use a cloud provider’s infrastructure instead of your own.
With your own infrastructure:
- Physical damage can occur more easily due to access to the hardware by employees, contractors, and other professionals in the office environment
- Firewalls, either hardware or software, may not be continually updated and are expensive to monitor
- A true backup policy and procedure may not be in place, or redundant hardware may not be in place to ensure continual access in the event of an issue
- Security breaches may not be detected
- Permissions in many cases are very lax and allow for access to critical components of a server or directories where files are shared
- There are no dedicated personnel to monitor the security of the server
- Ports to the internet are left open or are opened for certain software, allowing for security breaches
- Viruses can be unwittingly downloaded by employees
With a cloud provider’s infrastructure:
- Secure facilities that are locked down to physical access, in climate-controlled, fire-retardant buildings with security cameras, security guards, and access-controlled servers
- True ongoing backup that goes back months if the need arises to bring back data
- Backup servers, in other secure facilities, that are not in the same location
- Ongoing patching and security updates
- Constant updating of the technology environment as new technology helps with security, speed, and access
- Software in place to monitor any potential virus threats or downloads
- Full-time personnel that monitor the environment, test applications on the environment for any security lapses, and support the end users
It truly makes more sense to use a cloud provider for the above reasons, but the main point is, let’s not be fooled into thinking that if the data is local, it is secure or more secure than with a cloud provider. Data that is accessible “through the cloud” is so much better protected because cloud providers are equipped to protect our data and are in business to do just that. Accounting professionals and their clients should be focused on growing and managing their businesses and not on trying to protect their data in their local environment.
If your computer is connected to the internet, then your data is in the “cloud,” either because it is set up for remote access or because it is vulnerable to sophisticated hackers. That being said, I would say a true cloud provider is better suited to protect our data than we are. It’s their business, not ours. Whether your data is in the cloud or on your local servers, here are some tips for keeping your data safe:
- Use complex passwords and change them frequently
- Do not open email attachments sent to you from unknown sources
- Back up your data locally and offsite
- Use cloud services that encrypt your data
- Install anti-virus software
- If possible, hire certified security professionals to test the sophistication of your data protection
- Limit access to your data to only the people that need it
- Store sensitive data on trusted, secure hosting providers instead of on-premise servers that might be more susceptible to security breaches