The huge benefits of moving your business to the cloud are often overshadowed by one big question. What about security? It’s a question InCloud Solutions Sales Executive Greg Lynch comes across all the time as he speaks to business owners about their Enterprise Resource Planning (ERP) needs. That’s why we’ve asked him to talk us through the answers to his Top 5 Questions on cloud security.
1. How Secure is the Cloud?
This is one of the most common objections I am faced with daily and given that many of the people I talk to don’t have the luxury of a dedicated IT team, I completely understand the scepticism that surrounds investment into a cloud based product. Add to that all the bad press that “the cloud” has received with news stories about hacked celebrity photos etc. it is hardly surprising.
The first thing to remember, is that you are investing in a Private Cloud – this is not publicly shared like Apple photo storage; this means that the only parties with access are you the client and the supplier hosting your data – in our case SAP.
When your information is moved onto the cloud it is encrypted and sent securely to SAP where it is unlocked with a unique encryption key for storage. You and your authorised users can then access it at any time. But at no point is there any unscrambled data out there to be intercepted.
2. Where is my data stored – how secure are the premises?
When you move your data to the cloud, instead of living on a hard drive in the office, it is stored on servers in a secure warehouse – usually in Germany. SAP know how important security is to you and that is why they spend 500 million Euros a year on data security. The physical premises are protected by patrols and video cameras and there is power back up should anything go down. The data itself is monitored 24/7 by SAP Staff and any irregularities are instantaneously investigated.
As well as physical there is virtual security which includes penetration testing, 24/7 monitoring, security guards, encryption services, firewalls etc.
Take the virtual tour of a data centre run by SAP right here and see for yourself!
And this piece here explains how we protect against everything from fire and natural disasters to hackers.
3. What guarantees do I have on data protection?
Your data is one of your company’s biggest assets so you will be re-assured to know that our access to your data is severely restricted. SAP only has access in its most basic form as bundles of data packages – this allows them to create back-ups in case of loss.
Access to data with regards to service support requires permission from you the customer.
In addition you have the protection of some extremely tough European Laws to ensure that SAP keeps your data safe. All our client’s data is stored in Europe and therefore subject to EU law.
Specifically SAP has been awarded a certificate to show it is fully compliant with ISO 27001 the official gold standard for Information Security Management set by the Organization for Economic Cooperation and Development (OECD) which governs the security of information and network systems.
When you are comparing ERP systems do feel free to quiz the pre-sales team on all aspects of data security. For example some companies may store data in the USA where the law is different. There your data may be subject to the US Patriot act which allows the US government to confiscate any data from a suspected party, in order to assist in a federal investigation.
My advice is to make sure your data is hosted on European soil. The laws are in place to protect sensitive data, and those hosting have to comply.
4. What happens if my data is compromised?
This is what I like to call the crunch question – as a sales professional, it is my responsibility to inform the customer before they ask. And as a certified consultant, I should let you know that my competitors ought to be doing the same.
Agreements vary from supplier to supplier and from product to product, so it is essential that you spend time on this.
Think of your investment in the private cloud as an insurance policy; you are trusting a supplier to host your data, and as a consequence, they are liable to compensate you in the event of data loss. This ranges from disaster recovery through to monetary compensation – all off which will be detailed in your contractual agreement.
With SAP Business ByDesign, which is the main product offered by InCloud Solutions at present you get;
- 24 X 7 customer support
- Continuous system monitoring
- State of the art hosting environment
- Future solution releases
- Application management services
- Back-up & data recovery services
- Regular Upgrades
Compared to an on premise system this level of care will be saving you a great deal of time and money should anything go wrong. A team of disaster recovery professionals don’t come cheap. By choosing cloud hosting you are putting valuable insurance in place.
5. What Can I Do To Ensure My Own Security?
Despite the guarantees we offer you there will always be some straightforward security measures you should take yourself. 60% of data breaches occur because of loose security internally.
So make sure you have a strong internal policy and high levels of compliance on things such as passwords, restricting access to sensitive information and terminating access to departing employees.
An ERP solution, be it cloud based or not, is a very good way to restrict access to key business processes and therefore delicate and sensitive information. It encloses key business functions whilst allowing ultimate transparency to super users (C-Level and management)
Here are some other things you can do;
• Select a Cloud ERP that is hosted in the EU
• Select a cloud ERP that is private (you are renting your own private space).
• Check the contractual obligations
• If you have a query raise a service request as well as calling your channel partner.
I hope we have been able to answer some of your key concerns around security in the cloud.
Here are some useful articles about how to take steps to protect yourself and inform yourself about current issues around security.
Please don’t hesitate to contact us at InCloud Solutions if you would like to find out more about ERP systems in general or Business ByDesign from SAP.