“We can’t have our data in the cloud!”
How many times have you heard this familiar objection? In any discussion of cloud storage and data centers or Software as a Service (SaaS) licensing and delivery models, it seems there’s always a naysayer in the room—typically grumbling from a corner cubicle to insist that the cloud is too risky and unreliable.
If you think cloud solutions are less secure than more familiar on-premises models, let’s explore a few key facts.
Myth #1: Your data is more secure in your data center
Wrong. It’s not physical control of the data that determines security, but rather, access to that data. When your IT hosts a system in your data center there is more physical internal access than a SaaS solution.
In fact, data breaches usually occur in on-premises data centers. According to a 2014 Gartner report, “there have been very few security breaches in the public cloud—most breaches continue to involve on-premises data center environments.”
When you think about the most prominent data breaches of the last few years—Home Depot, Target, Sony—all are corporate data centers and not tier one cloud vendors like Amazon Web Services.
Case in point: Security journalists like Krebs have widely publicized that the 2013 Target breach was caused by a HVAC vendor.
Myth #2: You’re different
No, you aren’t. Unless you’re in the defense, military, intelligence, or aerospace industries, you don’t review nuclear launch codes or stealth jet locations and need to be protected under 2000 feet of granite in an underground bunker. Most Global 1000 organizations and governments are exactly the same in terms of processes and security needs. Financial statements, IT processes, and third-party risks are almost exactly the same across the globe.
The US Government has a “Cloud First” IT policy. According to the US General Services Administration, “The Cloud First policy mandates that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost.” If cloud encryption can satisfy the regulatory and security demands of the world’s biggest democracy (and arguably, the top global cybersecurity target), then it’s certainly worth a closer look for other organizations.
Moreover, at this very moment, your organization may be using more cloud services than you realize. For example, many companies are reluctant to implement virtual storage and cloud-based software, but managers, board members and, yes, those vocal naysayers, probably don’t realize that their entire IT system is actually backed up to the cloud.
Myth #3: Your IT department manages third-party systems better
No, they don’t. Your IT team’s strength is keeping your mission critical systems running. And IT has become overloaded with the proliferation of devices and business needs.
For example, even a small company may have hundreds of different business systems that IT must procure, manage, implement, and upgrade. With every organization facing budget pressures, how can an organization grow without getting tripped up by expanding technology needs? Austerity is forcing CIOs to shed expensive infrastructure costs in favor of more sustainable cloud services…and optimizing IT capital and resources is one compelling reason to take your systems off-premises.
Myth #4: The performance is better in your data center
Nope again. Not only is it worse, it’s way more expensive and it cripples your IT department from doing their mission-critical work. Planning the implementation, researching server specs, buying hardware, hardening the OS, performing backups for the next major version upgrade—it sucks the life out of both your IT and your ability to work using software that is modern, dynamically updated, and responsive.
So, what does the cloud have that can’t be delivered by on-premises systems?
You get all the upgrades. A big benefit for the IT team (and the people who rely on them, which is all of us), a SaaS model provides free software upgrades, helpful changes and peer-requested features, and the reassurance of a dedicated team building and improving the tools you rely on every day. If you use an on-premises solution, it could be years before upgrades are available.
Employees can be more productive. We all know that business is moving faster than ever, and your teams need to keep up. Don’t kill their flow with a slow VPN or an outmoded, old version of mission-critical software.
Time to value. It doesn’t matter how good your IT team is, nor how lean and lightning fast your procurement team is—from issuing POs for server hardware, unpacking the box, reading an 85-page configuration manual, then customizing all the data levers and customization nozzles—the time to value for your team to begin working is measured in quarters. Rather, ACL GRC is provisioned in minutes, and most large-cap organizations are automated and executing their work within 15 days.
You eliminate hidden costs. Can you really afford to be stuck with on-premises software that you need to install, maintain, and manually upgrade? Let’s look at a typical install for an on-premises system. The initial implementation, onboarding, and purchase costs will easily reach six figures in multi-billion dollar organizations and government agencies, plus your IT team will need three focused months to procure the servers, set up and configure the system, and roll it out—all without disrupting operations or creating excessive downtime. When a bug or frustrating defect emerges, users will be forced to endure at least three years of hassle and compromised productivity. Eventually, you’ll upgrade to the next version and go through the same cycle, with the same high costs.
The ACL GRC platform was deliberately architected using a SaaS model in order to overcome the very challenges, costs, and limitations directly imposed by older-generation on-premises technology. Now, updates and new capabilities are streamed into the platform through small, incremental changes delivered on a near-real-time basis. Cloud delivery lifts the burden on your IT team, so they can focus on more important activities, such as minimizing risk and increasing productivity.
The bottom line? Business—and governments—have moved to the cloud. Whether you work in compliance, finance and accounting, legal, IT, internal audit, risk management, or beyond, the cloud is lean, agile, reliable—and yes, secure.