As technology evolves, more and more companies are adopting online collaboration applications within the workplace. Not so long ago, this practice was considered only for home users and techies. Security was the number one concern back then, and providers like RIM and their Blackberry service did a great job of providing email and messaging service, which is considered secure.
In fact, the platform is so secure that the service providers offering the service have no visibility into the messaging platform at all. Suddenly, corporations had a secure mobile messaging platform that met all security requirements. Yes, life was simple back then. We got up and went to work, logged into our computers, opened locally installed applications and accessed data stored on the server in the back office, and went about our day.
However, something began to change, the mobile workforce. The laptop of the 2000s was the last generation of laptops to be called a laptop. It weighed about the same as a stack of bricks and the battery only lasted an hour, and if you could tolerate the heat it gave off while resting on your lap, you might as well become sterile! The cost of a laptop was almost three times that of a comparable desktop computer.
Therefore, only top executives or the elite had one, and they were seen as a fashion accessory, as everyone at the CxO level had a personal assistant or secretary to answer or write correspondence. Once laptops became smaller, more portable, and cheaper, the VPN came along to connect them to the office and provide secure access to email, files, and applications. The concept of mobile workforce is nothing new, insurance companies, banks and sales organizations have been doing it for decades.
What has changed is the efficiency with which these organizations operate. Efficiency has been enabled with technology. Today, every mobile salesperson uses a laptop, and this has meant the demise of the branch as a collaboration hub. Today, entire global organizations have reduced costs and increased productivity and efficiency by having their staff operate from home, the airport, on the road, wherever.
Gone are the days when you left at 5 pm and forgot about work until the next day. Technology has meant that we never stop working or thinking about it, even during vacations. Fast forward to 2012, the corporate data center is being replaced by cloud computing. Entire data centers are being virtualized and the mobile workforce is connected to shared resources hosted on the Internet, rather than the corporate headquarters.
Today, it would seem that many multinationals have thrown caution to the wind by embracing cloud computing and third parties, which host their sensitive corporate data. Organizations are supporting employee BYOD, relaxing security protocols once in place, and essentially trading security for efficiency and operational ease.
What has fascinated me about this transition is witnessing the change in corporate mindset. Going back ten years or so, multinationals wouldn’t even entertain the idea of having their data managed by a third party, let alone the concept of keeping it all in the cloud. Like everything, cloud computing has its advantages and disadvantages. This article is about the technological revolution and how much we are willing to compromise.
Let’s look at four scenarios where cloud computing can be compromised and affect businesses.
1. Corporate espionage
Today, Skype and other online calling services are used more and more for business purposes. The convenience and costs are incredible, a video or audio conference can be set up in seconds, and the quality is pretty good too. However, although Microsoft, which owns Skype, does not record conversations, the provider retains all session information for quality purposes. The seller may share this information with a third party to improve the quality of the service.
A large amount of information will be reported, such as IP address, username, type of computer equipment, number of calls, duration and location. So now an unknown third party knows his IP address scheme, internal and public, the types of computers on his network, what parts of the world he calls and how often. If you are using instant messaging services, chat conversations are also available in unknown public space. Do you mind? IBM recently prevented its employees from using Apple’s SIRI voice application on their iPhone smartphone, as Apple was not content with anonymizing user session information.
In a cloud environment this is no different. Even if your workforce connects to a virtual dedicated server appliance using encryption, the source and destination IP addresses are still available, and the volume of traffic per session is still available in firewall logs operated by a third party. From a forensic point of view, I know where your sales force is in the world, and if a spike in data activity occurs in a specific region, it could also provide a valuable indicator for a competitor.
2. Loss of Data (Intellectual Property)
Let’s say you move all of your CRM operations to the cloud. You can lower your operating costs by not having to maintain IT staff and data centers. For your sales force, this is the gold mine that keeps your business running. Something happens to your cloud provider, a new unknown virus sweeps all hosted virtual servers and deletes your data in its path. In the old days, a backup tape could get you up and running after an outage.
But, let’s say the provider’s automatic backup and the snapshot you made in the cloud are dead. So what? Amazon EC2 experienced an outage in one of its data centers, admittedly it managed to restore service fairly quickly. However, ultimately, you are at the mercy of the provider, if you don’t have a strong local backup solution. How fast can you restore a local backup? Do you have a tried and tested disaster recovery solution?
3. Criminal prosecution
In the old days, if your organization was suspected of unfavorable activity, the authorities needed to obtain a search warrant, sixteen computers, and generally you had the impression that something was up. Today, under the United States’ sweeping terrorism search and seizure laws, a third party hosting your data is required to open the backdoor to your operations, and most likely without your knowledge.
What happens to your sensitive data once it has been thoroughly reviewed and determined to have no impact on the investigation? Data is quickly erased and obviously forgotten! This is the main reason why European companies are so slow to adopt cloud computing. European privacy laws simply don’t translate internationally.
4. Privacy
As the cost of a megabyte of storage gets lower, your browsing history, online documents, and social network connections—both personal and professional—are interconnected, working together to build a profile of who you are. From the online vacation tickets you buy each year to the box of fishing tackle you paid for with Paypal, every description and detail of your online activity is recorded and stored forever. Cross-referenced with your business connections and activity, these third parties can calculate how much you earn and even when you get paid.
Free lunch!
Is there such a thing as a free lunch when it comes to the Internet? You can be forgiven for thinking it exists. Free 5 Gb of disk storage, free Internet calls, free email account, free instant messaging, all of these things come at a cost, your privacy. Who would have believed twenty years ago that something as trivial as your email address would be worth anything to anyone?
Targeted advertising, based on your clothing purchase, is designed to funnel most of your spare change in the direction of advertisers who collect, store and correlate your online activity. With a billboard on the side of the road, the advertiser doesn’t know how effective the ad is, how many people called as a result of seeing it. With online advertising, confirmation of success is based on a click of the mouse, so the campaign can be instantly adjusted to be more effective. Do you mind?