Cloud migration? Factors to consider! Part II

May 14, 2020
 |  No Comments

Security, authentication and access control

Obviously knowing that the authentication, authorization and access control mechanisms of your cloud service provider is essential. How often does it search for and remove obsolete accounts? How many privileged accounts can access your systems and data? What type of authentication is needed for these users? Does your company share a common space (multitenancy) with other CFC’s? How do you ensure that data is not transferred to unauthorized units and consequently stolen ???

It is very important to at least try to to know if these cloud computing service providers limit employees access and control their authorizations so that the execution of tasks is reduced to what is strictly necessary. Who and how many people on the service provider’s team can see your data? Do they subcontract companies to perform these tasks? Where is your data physically stored? What happens when we no longer need certain information? What happens to backups? What happens to this information if I have to make a service regression and keep the information back in-house again?

Data protection is another major concern. Data encryption is used and applied, are these private keys shared between CFC’s?

None of the providers of these services gave me detailed answers to these questions … especially the question related to the theft of information and I still have serious doubts if we ever get them clearly! But at least we are trying to know what is known and unknown.

As a business owner, you must decide whether the security levels offered by a cloud computing company outweigh the potential security disadvantages of cloud computing, as well as the costs inherent in both forms of computing.

Virtual vulnerabilities

Each provider of cloud services is a huge user of virtualization services and each layer of virtualization represents an important platform in the IT infrastructure, with built-in vulnerabilities that can be exploited. Virtual servers are subject to the same attacks that affect physical servers.

When I talk to cloud solution providers and implementers about these virtual risks, many are eye-popping and most say the risks are exaggerated. I usually tell them to check the list of security patches from their software vendors … they are long …

Costs

At first glance, a cloud computing application may seem a lot cheaper than a particular software solution installed and run internally, but you need to make sure you are comparing the same thing, orages with oranges. Yes, applications in the cloud (also known as Software as a Service or SaaS) do not require large capital investments for licenses or supporting infrastructure, but does the cloud application have all the resources you need? Are the resources you have important? Will we need to customize the cloud-based software to meet the needs? These adaptations to the software can greatly increase the cost. If you use custom built in-house software, you may not be able to move it to the cloud without rewriting it! Extremely expensive cost – definitely a disadvantage.

With a move to the cloud, you deliver your information to a conventional IT team that does not have the same knowledge of your business that an “internal” IT has and that can better understand, well… much, much better, your business requirements!

To be sure that we are doing the right thing, we have to carefully observe all the details of the pricing plans, just as we do in our plans for mobile and TV, taking into account the possible future expansion. For example, the president of a non-profit organization that switched to a cloud-based application found that when the number of members hired was exceeded, the cost for the upgrade was more than double !!!

If your business involves transferring large amounts of data, be aware that while transferring data to the cloud, data transfers are charged per GB. If you make many transactions to a database, keep in mind the bandwidth you hire, virtual machines, accommodation, etc. If you are a production company, do you think it is feasible to pay 24 hours of work in the cloud when you can have a local server to do the same job?

If you use linux and / or free software packages, there is no cost, but if you use proprietary software (the decision of what you do with your money is entirely up to you), and if you do not need the most updated versions every year, the software desktop can be cheaper in the long run. For example, if you purchase the perpetual version of Microsoft Office and use it for several years, you pay a one-time fee and own the software forever against having to pay an annual fee for using the cloud-based version, Office 365.

There are free solutions for office tools, like libreoffice, open office… or even the office solution I use integrated with my nextcloud server, the Onlyoffice that is installed in my docker server and completely integrated with my dailly work… but if you feel unconfortable with this solutions you can buy an perpetual licence of Microsoft Office for desktop or decide to use an office 365 type of solution that has a cost that will exceeded the perpetual licence solution after 2 years !!! Do you need to update Microsoft Office every month? every 2 years? Are these changes and updates so important to your workflow? I do not believe!!! I had these doubts some years ago… but now I’ve managed to build this solution with nextcloud and Onlyoffice and I use it every day without any problems… really… no problems at all!

Other types of business applications, such as human resources and salary processing, which require annual updates can be considered for work in the cloud, but always pay attention to data security and pay special attention to the new GDPR rules because of protection of personal data. A security breach here can irreparably compromise a person’s safety, with extremely heavy fines!

The inflexibility of some cloud-based applications can be another serious drawback. Be careful when choosing a service provider that you will not become a customer “forever” because their applications and / or data formats do not allow the transfer / conversion / export of information to other formats. Some vendors deliberately try to “block” customers using proprietary software / hardware, so that it is almost impossible or extremely expensive to switch to another vendor. Make sure that the contract you establish stipulates that you retain ownership of your data and that the supplier’s offers are in line with current standards, ensuring data confidentiality. Also make sure you can easily manage users, bandwidth, accommodation, etc. as your business evolves. Make sure that your service provider has many options available for technical support, including email, phone, knowledge bases and user forums.

To wrap this up, cloud computing is an opportunity for companies to reduce the hassle of managing systems and IT costs, as long as they can live with the disadvantages…and… sometimes these cost reductions can reveal a bigger cost in the long run!

The security issues related to having personal and business data controlled by third parties (and others) seem to me to be the main target of concern for everyone.

Have you thought about how many people you don’t know and who have physical access to your data? Have you ever thought that information could suddenly be unavailable? Have you ever thought that this same information can be tampered with, corrupted and even encrypted?

If you haven’t thought about it yet, start by analyzing whether the information you want to keep in the cloud is stored securely and that no one other than authorized people has access to it and whether it is in fact important to you and your organization. Have you ever imagined going without billing for a couple of hours? Have you ever imagined that someone outside your organization can have access to the data of your contacts, customers, suppliers? And if someone from a competitor company gets all your data?

Think on these issues…