Are You Risking Compliance in an “Unsecure” Cloud?
By: Stephanie O'Neill | Posted: 2009-07-01Two of the biggest concerns about cloud services are data control and security. While these are both very valid concerns, the security fear is also unsubstantiated (some vendors do have questionable practices about data ownership, but LiveOffice believes that every KB to TB of data belongs to its clients, and they can get it back whenever they want). Software-as-a-service (SaaS), or cloud, providers actually have some of the most advanced equipment and technologies on the market - much more high-end systems and safeguards than the majority of companies can afford on premise. After all, this is their livelihood. If they aren't experts at securing the data they store, they won't be around for very long.
Compliance goes hand in hand with these issues, but data stored on a vendor's servers is vulnerable to the same threats as data stored on your own servers. The important thing to note is that the best service providers are well equipped to deal with these challenges and minimize risk. Ultimately, they can do it more effectively than you can.
While there will always be naysayers, some feel that security is best left to the cloud. "SaaS is tailor made for keeping up with the rapid pace of malware development," says Cody Leser, senior director of channel sales at Trend Micro. "There's no way to push patch files continuously; you have to do it in the cloud."
Todd Fitzwater, principal at Demand Solutions Group, says, "Your data is actually getting taken care of in [service providers'] data center[s] better than in yours. The backup and recovery, disaster recovery and security around the servers is much tighter and higher grade than you would put in your own data center."
As with any major decision, companies need to do their due diligence and ask questions - lots of them. Where is the data being stored? What security measures are in place at each data center? Are the data centers redundant? Are the data centers monitored 24-7-365? What type of encryption is being used to protect data in transit? What type of infrastructure is being used to host the data? What type of spam-and-virus protection is in place? Can the data centers handle a sudden increase in demand? How often is data backed up and where are backups stored? Does the service provider enlist an independent, third-party vendor to conduct periodic security scans and other checks? What happens in the event of downtime or a disaster? What happens if the company decides to move its data elsewhere? What happens if the service provider goes out of business or sells to another company?
In the end, you need to make sure you are comfortable with the answers you receive. If there is any doubt about the security of your data, it's probably time to talk to another service provider.
One Man’s Take On Security in the Cloud
By: Dhaivat Pandit | Posted: 2009-05-21An article on Network World caught my attention - a surprisingly decent addition to the ongoing debate about security concerns with the software-as-a-service (SaaS) delivery model. I realize that it's a legitimate concern, unlike those of which pertaining to global warming.
Genetically designed to be skeptical of any buzzwords, I accept that cloud services need more scrutiny. The only entity that knows more about my personal tendencies is my email account, and naturally I want it to be secure. I shudder to think what it takes to entrust your billing, operations or human resources needs to a third party vendor. When the services we're talking about are email archiving and compliance, I can totally see where the general feeling of skepticism comes from.
From the viewpoint of a cloud-based company, I can say that we're all too aware of what's at risk and that we work tirelessly to ensure that we can provide a service that is secure and reliable. As Jon Brodkin mentioned in his article, multi-tenancy is an integral component of cloud computing services. You can be at ease knowing that we take every measure possible to ensure that you and ONLY you can see what belongs to... you. To quote John Hammond from Jurassic Park, "No expense is spared."
SEC says don’t pinch pennies on your email compliance
By: Nick Mehta | Posted: 2008-12-04The United States Securities and Exchange Commission sent an open letter to CEOs of SEC-registered firms imploring them to not ignore or curtail their compliance responsibilities because of the economic downturn.
While CEOs across the world are trying to find ways to save money, they still need to observe their legal and regulatory responsibilities. Obviously, proper email archiving and email compliance are some of the SEC mandates for these firms.
From the letter:
While many firms are considering reductions and cost-cutting measures, we remind you of your firm's legal obligation to maintain an adequate compliance program reasonably designed to achieve compliance with the law. As SEC Chairman Cox noted recently, "[E]xperience has taught us again and again that giving short shrift to regulatory compliance subjects a company's investors, employees, management, directors, and every other stakeholder to unacceptable risks....[C]ompliance programs have made huge strides in recent years in becoming more formalized and more robust.... Now more than ever, companies need to take a long-term view on compliance and realize that their fiduciary responsibility requires a constant commitment to investors. That means sustaining their support for compliance during this market turmoil, and beyond it as well."
