Cloud security: Five key considerations
Ahead of the ICAS Insights: The Business of Technology event, Philip McNeill looks at five key aspect to consider before moving to the cloud.
1. Don’t be fooled by the imagery
Imagine ‘the cloud’. It’s fast, it’s available, it’s everywhere. The imagery associated with it speaks of freedom, lack of walls, lack of boundaries.
But the cloud has a physical location and it’s much more likely to be a subterranean bunker than a mountain-top office under a clear blue sky.
Take account of the gritty reality, and assessment of the security aspect becomes more sober. This is bricks and mortar, multiple hard-drives. Think interconnected pieces of machinery the very interconnectedness of which makes them vulnerable to chain-reaction attack.
The marketing director may opt for Game theory Maximax – expect the largest possible return and the best of all possible outcomes. But most auditors and accountants would benchmark with a more sceptical option – like Minimax Regret and hedging losses.
When it comes to cloud, are we in danger of assuming, even subconsciously, the best of all possible worlds?
2. Look out for the obvious
With cloud, there are myriad business advantages. It’s sophisticated: works anywhere; enhances collaboration; networks globally; reduces on-site storage. There’s immediate flexible capacity and scalable storage.
But it’s often the most obvious and the least sophisticated issues that cause big problems.
This was Amyas Morse, head of the National Audit Office, commenting on the 2017 WannaCry attack: “It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.”
Setting aside all the sophisticated anti-spyware, what damage could one disgruntled employee do? Or one email sent to the wrong address? What about passwords that can be too easily guessed or data that is unencrypted?
3. Does it work for you?
As Alexander Taylor, author of ‘Marooned - Data Centres and The End of The Digital World’ put it:
“There is a growing perception amongst data centre security professionals that, by embracing all-things-digital and plunging headlong into the cloud, we have put all of our eggs into one fragile basket.”
When it comes to IT, don’t just follow the crowd. Ask: will it work for me?
4. Do your due diligence
In the modern world, some ideas gain a momentum of their own. Crypto-currencies, like bullets, come in a variety of shapes and sizes. And some are more effective than others. As the recent Coincheck losses indicate, embracing all things new can come with a big price tag – 46 billion yen in this case.
Research and research some more, before you join the cloud.
5. Someone else’s risk?
With cloud, someone else is looking after your data. Sigh of relief? When the Massachusetts Institute of Technology highlights its top risks for 2018 and ransomware targeting cloud services is on it, how easy can we sleep?
Cloud and tax data
Cloud isn’t just about business data; increasingly it’s about tax data.
CAs, by training, are used to assessing risk. As HMRC races towards a digital future, it might be as well if we keep an eye on every stage of the development. Get involved in the pilots. Add our seasoned comments.
Because while a digital future has a lot to offer, it may not turn out exactly as the label on the tin suggests.
ICAS Insights Series - with Investec Wealth & Investment
We are delighted to host the ICAS Insights series, in association with our Principal Partner Investec Wealth & Investment.
These flagship events showcase the very best of what ICAS and its membership represent. We’ll bring you closer to top CAs working in senior roles for some of the best-known brands across six key areas of business today – food and drink, technology, retail, media, sport and culture and entrepreneurship.
Each event will be led by an ICAS chair, and will feature a handpicked line up of exceptional CA speakers. We know you love hearing successful CAs talk about their career journeys, challenges and achievements.
Come and learn from the best, so you can be your best. The next ICAS Insights event – The Business of Technology – is taking place on the 27th September.