While conventional wisdom says it’s safer and more manageable to maintain secure business processes in-house to avoid security risks in the cloud, we might have reached a tipping point. Due to exponential increases in data and increasingly stringent compliance regulations, it’s almost certain your internal team does not possess the bandwidth, expertise, or patience required to maintain a secure environment.
Given we are in tax season, let me draw a quick analogy. Perhaps as a young person with a part-time summer job and no family, you filled out the 1040-EZ tax form on your own. As years passed, you started a family, invested in property, entered into new tax brackets with new rules, etc. Soon your taxes became a burden that was much simpler to trust to a professional cloud-based service like TurboTax or H&R Block. You relied on a vendor that you know will do the job well because they do it for many customers – they’re the expert.
The same concept applies to operational security and compliant business processes. For example, the management of file transfer processes on a DIY basis is no longer viable for most organizations, given the increasingly vast amount of data transferred within mid-size to large companies. And to think about it more broadly, file transfer is just one part of the equation for a company conducting business with its partners. If it is required to show PCI Compliance for the whole chain of events, there could literally be thousands of configuration controls it would need to manage and monitor on an ongoing basis to do so. It is better to work with compliant service providers to reduce the complexity without sacrificing safety.
If this sounds as complex as the Tax Code, it probably is. In response, an increasing number of organizations are bucking the conventional wisdom of on-premise safety, and looking to the cloud. Handing off certain operational tasks to a cloud-based vendor is a lot cheaper and less time-consuming, and recent on-premise data breaches (Target) and the growing scale of securing business processes have pushed business processes toward a managed cloud environment.
If your organization is making the shift to the cloud (or considering it) to manage business processes, there are a few “best practices” to keep in mind:
1) Understand the business problem you’re trying to solve and what you’re trying to achieve. This isn’t a new concept, but this will help you identify weak links in your internal management processes and understand where you need a partner.
2) Find the right partner. Invest in partners that help you secure processes without the problem growing beyond your ability to handle it. Ensure your partner is well-equipped to manage the breadth of PCI controls, and able to provide you with the tools you need to show compliance to your auditors, for example. It’s important that no component of what you choose to solve the business problem becomes the weak link.
3) Don’t abandon on-premise solutions entirely. Some of the enabling “fabric” that will make it possible to do business moving forward is a combination of cloud and on-premise. There’s no future where it’s all cloud or nothing, no matter what you might hear.
4) Don’t trust anyone who says they’ll secure an entire business process for you. Security is complex, and the right partners will secure various components of your processes – not everything.
As companies begin to understand the capabilities of the cloud – and how it can meet and exceed their enterprise-grade security requirements – improving the security and compliance of your business processes becomes another task you can trust to the experts in the cloud.