
Your questions answered: “If it’s Cloud, do I need ongoing support?”
In 2020, 60% of small to medium businesses migrated to the cloud. It’s increasingly seen as the way to go for easy, flexible access to critical data and applications. Everyone’s using it, so can – and should – you set up and manage Cloud yourself? Here’s what our MD James Ratcliff has to say…
“In principle, you’re on the right track. But – and it’s a big but – if you’re not assessing your business, how it operates, and the risks of implementation, you could run into problems, fast.”
Cloud is more complex than you’d think
“Cloud might sound like a simple solution, but it’s not in practice. With more features and specification comes complex configuration to make it work for your specific needs. There’s also the risk of leaving something open or undone in the process. Unless you know what you’re doing, there’s a high probability of missing out – either on security or in simply getting the most from your cloud investment.
“Single sign on is great for a number of reasons: it makes cloud applications effortless to access and is less clunky. It’s what we’d call ‘better security hygiene’, as you don’t have lots of passwords to deal with. You can move between systems with one set of accounts rather than separate logins for each service. But single sign on isn’t as easy to implement.
“Keeping records and making sure you apply settings consistently is crucial. If you don’t get it right, you open up more gaps than you’re trying to close.”
There’s a cost to getting it wrong
“I can think of plenty of systems in the Cloud which have the ability to be very secure. But if they’re not locked down properly, you could be sharing your data publicly without realising. In fact, this happened to an organisation we know.
“They set up a cloud document system without bringing in the professionals. It was storing highly sensitive information but they hadn’t secured it properly. Unwittingly, they’d left an open door to databases, records and spreadsheets of critical data. It was so serious, the breach had to involve the police.
“Most of the defaults Cloud storage comes with are there to make them easy to use. So it’s on you to configure the settings to your business. For instance, the default might be that anyone with a link to a document, which might contain sensitive or confidential information, gets access to that data. Is that what you want to happen?”
Backups are still important
“Then there’s backups. The default in Cloud systems seems to be that documents go to the recycle bin where any user can empty it. That should ring alarm bells for most businesses.
“In the days of servers, you’d have backups running – something like a ‘grandfather / father / son’ rotation that ensured there would always be extra copies of data that went back over a long period of time. With Cloud, that just doesn’t exist. All the major Cloud vendors warn users that they should have their own backups in place – it’s even in Microsoft’s T&Cs. And, if you don’t implement even simple measures like multi-factor authentication (MFA) there’s a strong risk of data loss, either an external breach or simple internal human error. Either way, that data could be lost forever without backups.
“It happens more often than you’d think. It’s better to put these measures in place before – not after – it happens.
“Ultimately, Cloud needs to be strategized, implemented and managed very carefully. This should really be done by an IT partner that understands your business and can work with you to meet your goals.”