Given the revelations over the past year of the extent to which government agencies have been monitoring and gaining access to sensitive data, not to mention directly tapping into the pipes connecting global organisations such as Google and Yahoo, CIOs would be forgiven if their paranoia levels have notched up a level or two.
Not all roses
Sales people will lead you down a path that looks rosy, but once you jump on board, that may not be the reality.
This may be rather unsettling news for organisations that have or are considering storing or processing some of their corporate information in the cloud. And with pressures for IT executives to provide 24-hour access, from anywhere on practically any device or platform, the options may seem suddenly diminished.
Hosted CRM systems are particularly at risk, given the value of the information that moves to and from the field.
In addition to this, it's recommended that the service agreement clearly outlines where the lines of responsibility lie in terms of securing the data. This can become especially cumbersome if multiple hosted providers are used to delivering a suite of different services.
"When looking at this, flexibility has to be built in order for you to have control of customisations, so that you don't have to worry about what the various service providers are doing," Kirkland says.
Lastly, a level of comfort can be gained if the service provider does regular fire drills to test the integrity of their security measures through penetration testing. This is not standard practice with all providers, and the absence of such testing should be a red flag to CIOs.
First published in the February 2014 issue of ITWeb Brainstorm magazine.
Our comments policy does not allow anonymous postings. Read the policy here