By Michael Sellai, Partner, Advisory
Ever since the first database was created, people have been asking a fundamental question about data security: Is it really possible to keep information stored on computers safe? And while the question hasn’t gone away, the realities of how we use technology have fundamentally shifted over the past two decades. The introduction of the internet in the 1990s removed the physical factor from data protection, as you no longer needed a hard drive or floppy disk to send data virtually anywhere in the world. But soon after, high-speed internet and cloud computing took it all a step further. The majority of businesses use cloud technology, but organizations must create and maintain security protocols that allow them to enjoy the benefits of decentralized technology structures while still protecting their proprietary data.
We all use the term “the cloud” to describe data that is not stored on premises behind a corporate firewall. This can include an almost infinite number of tools, databases, servers and applications, including ERPs, HR systems, accounting software, billing software and custom software. All of them may store sensitive or personal data. If there’s uneasiness around the amount of data in the cloud, it’s because the more that data is decentralized, the greater the chance there is for data loss, data breaches, malware attacks, and other problems. At first blush, you might think that all these dangers mean your data is more vulnerable than it would be on on-site systems. But as it turns out, it’s not quite that simple.
Sure, having data on the cloud means that it’s theoretically open to more threats. But it’s also guaranteed to be protected by more safeguards (unless you do something like upload it to a publicly shared folder that has absolutely no privacy protections on it, which is actually how a surprisingly high number of data leaks happen). Data correctly stored in reputable cloud services, by comparison, is protected by robust user access permissions, the latest and best encryption, and more. On top of that, cloud storage solutions keep themselves up to date with the latest software updates, ensuring your data doesn’t become vulnerable from running out-of-date versions or failing to install the latest security patch.
Virtual Private Networks (VPNs) add another layer of protection, making everything even more secure — including your connection to the cloud. VPNs work by creating an encrypted tunnel between your device and a network, making it nearly impossible for would-be eavesdroppers to spy on your data or online interactions.
Of course, there is no single approach to cloud security. Multi-factor authentication (MFA) has become a common way to verify people trying to access secure data, whereby instead of just typing in a password online, users must verify their identity by responding to a text message or using an app on their phones. Zero-trust policies — where the system requires repeated confirmation of identity and permissions to make changes on the platform, instead of the traditional model of “log in and move freely about the network” — are often used to provide extra security by treating every interaction, no matter how seemingly mundane, as a possible security threat. Even anti-spam tools play a role in ensuring data security on the cloud by preventing phishing and malware attacks.
Business leaders are right to be concerned about the cloud because data security is so fundamental to success, and poor security can erode public confidence and create regulatory headaches. But outmoded misconceptions about distributed computing are preventing many organizations from making decisions that optimize their operations while at the same time providing the highest level of security for their data. That’s why forward-thinking companies turn to BPM to figure out what the best practices are for protecting their data while minimizing the effort and cost of data storage and management.