CLOUD SOFTWARE VS. ON-PREMISES: DATA SECURITY
There has been a lot of news lately about cloud security breaches, and this is bound to cause concern in any potential buyer of cloud software. Yahoo was recently hacked and user information was stolen, and Dropbox, a cloud data storage service, was recently hacked, leading to some of its members receiving unwanted emails.
To be fair, for every instance of a security breach of a cloud service, there are likely 10,000 breaches of on-premises systems. Thieves go for the targets of least resistance, and those targets are not the sophisticated networks run by the cloud operators. So, let’s look at some of the most important factors that govern data security.
On the cloud side:
1. Enterprise data is stored in “hardened” data centers that have the highest level of physical security, network security, data backup, and power continuity. An on-premises system cannot hope to match it.
2. Data is encrypted when it leaves the cloud, and while it’s in transit.
3. Most cloud ERP software uses strict roles-based security policies. Not all users have access to all the cloud data, so if a user’s ID and password are compromised, the hacker only has access to a limited amount of information. Most clouds also enforce the use of “strong” passwords, thus reducing the vulnerability of easily-hacked username and password combinations.
On the on-premises side:
1. Network security depends to a large extent on the training and execution of the IT Department staff, or of the IT provider. The more highly trained they are, the safer your data is. It is difficult for a smaller enterprise to maintain high levels of IT training, so “local clouds” AKA “hosted software providers” have become a popular choice. In this setting, application software is installed at the hosting center, and it’s available to all staff. Although the application software may be a legacy system, and may not be as secure as modern ERP or CRM cloud software, hosting it in the cloud brings all the physical security, network security, data backup and power continuity advantages that true cloud software enjoys.
2. Let’s face it: data security is only as good as your system manager and your weakest user. It’s up to your system manager to enforce strict password controls and to make sure that all software has the latest patches, and it’s up to your users to take your policies seriously.
3. Many on-premises ERP and CRM packages have roles-based security built into them. As with a true cloud application, this feature builds protective walls around your data, which minimizes the damage that an intruder can do.
On both sides:
1. It is critically important that your system manager stays on top of all changes in your staffing. It is imperative for all businesses to keep terminated employees from gaining access to sensitive data.
So which is more secure – an on-premises solution, a “private cloud” (i.e. a hosted solution), or a true cloud application? All other things being equal, a true cloud application is likely to be more secure than any other. A private cloud (hosted application) is the next most secure solution, and an on-premises application is likely to be the least secure alternative.
Does that mean that an on-premises solution is not secure? Not by any means. Your data security depends on the security features built into your on-premises software, on the level of training and watchfulness of your IT or system manager, and on how seriously your end-users take your company’s security policies. You should have all of these reviewed annually by a data security specialist.
Doug Deane is President of DSD Business Systems, a national provider of on-demand (cloud) and on-premises ERP and CRM software, specializing in wholesale distribution, manufacturing, warehouse management, inventory, business intelligence, and eCommerce software. DSD offers Sage 100 (formerly MAS 90), Sage 300 (formerly Accpac), Sage 500 (formerly MAS 500), NetSuite, Sage FAS, Sage HRMS (formerly Abra), Sage CRM, Sage SalesLogix, Extended Solutions, and Custom Programming.