Hasty cloud adoption increases companies’ risk profile
Because data stored in the cloud is accessible on the Internet, it creates opportunities for cyber terrorists, unlike a dedicated server at a secure location.
The relevancy of the cloud will soon begin to wane as more decision-makers come to acknowledge the hype for what it is and realise that cloud computing is not all it’s cracked up to be. This is the view of CRS Technologies General Manager Ian McAlister, who says that while cloud computing holds several benefits, organisations need to think carefully before migrating all their functions to this environment.
“There is no doubt that data has become fundamental to business growth and cloud computing has transformed the business landscape over the last two decades. This being said, valid concerns around the availability and security of data stored in the cloud continue to hamper its adoption. This is especially true for sensitive information such as HR and payroll."
According to McAlister, the cloud has failed to deliver on the cost benefit that the market eagerly anticipated when it was first advocated, and it is also not the impenetrable security haven that its proponents claim.
“On the contrary," he says. "Because data stored in the cloud is accessible from anywhere on the Internet, it has merely served to create huge opportunities for cyber terrorists who love nothing more than a good hacking challenge. All it takes is a disgruntled employee or a careless password security to leave your system vulnerable to a cyber attack.
"Consequently, decision-makers contemplating a migration to the cloud need to familiarise themselves with the differences between the various cloud platforms available and to fully understand the pros and cons of each.
“Data in a public cloud environment is accessed through the Internet, which means it is significantly less secure than its private counterpart, where companies have a dedicated server at a secure location, with applications that can be customised to their unique requirements."
While the latter model is ideal for HR and payroll departments, given the sensitive nature of the information they deal with, McAlister recommends the hybrid cloud as a more practical approach. “Companies can enjoy the flexibility and computing power of the public cloud for non-sensitive tasks, but keep business-critical applications and data on the premises,” he explains.
“Storing sensitive HR and payroll data on-premises not only renders it more secure, but ensures much quicker access to the information, because users don’t have to contend for bandwidth or be concerned about downtime.
“Consider, for example, the slowdown in Internet speed during the recent undersea cable breakage and its impact on the timeous payment of employees’ salaries. Now imagine the financial and reputational fallout for an organisation whose information is lost, compromised or becomes unavailable owing to the cloud storage provider going down."
Another important consideration is that of regulatory compliance, McAlister continues. “Data must be stored and maintained in accordance with the Protection of Personal Information (POPI) Act, which is expected to come into effect soon. Companies which fail to comply with this legislation will be held accountable through harsh penalties and even jail time if their data is compromised in any way. This responsibility may not be shifted to the cloud storage provider, regardless of what your contract may state.”
Information has become mission-critical to the running of a business, and HR and payroll are rapidly becoming one of the primary sources of data that enable CEOs and top management to make decisions affecting the strategic direction of the organisation. Consequently, companies must be aware of the implications of where their data is stored – from a cost, security and legislative point of view – and ensure that they take full advantage of the business benefits offered without compromising on their competitiveness.