Graphic by http://www.cloud-computing-cloud-computing.com/
Contractormag 1872 Cloudcomputing
Contractormag 1872 Cloudcomputing
Contractormag 1872 Cloudcomputing
Contractormag 1872 Cloudcomputing
Contractormag 1872 Cloudcomputing

Online Exclusive: How Secure Is Your Data in the Cloud?

March 19, 2014
One issue holding it back is fear that the cloud isn’t secure enough. It’s prudent to check into the security practices of your current or potential cloud service provider. The real game-changer is the connection of the cloud with those convenient mobile devices we all know and love. You may also want to consider mobile device management tools.

Many mechanical contractors are now embracing cloud computing, using it for backup and disaster recovery, to tap into software applications anytime and anywhere, and for hosting computer storage, hardware, servers and network components.

The benefits of cloud computing are attractive. You can deploy cloud-based software applications in just a few hours versus weeks or months. Using mobile devices, staff in the field can get to critical job and project information thanks to the cloud. And sophisticated information technology (IT) capabilities are now more accessible and affordable, leveling the competitive playing field for smaller mechanical companies.  

Still some technology experts say that cloud computing hasn’t yet reached its full potential. One issue holding it back is fear that the cloud isn’t secure enough. That’s a valid concern, but not unique in the world of information technology. IT security is a commitment that every company should make no matter if their applications, data, systems, and infrastructure physically reside in the office or in the cloud. Among the chief concerns for either situation are application and system attacks, data leaks, and security breaches.

Confidence in Your Cloud Service Provider

Keeping your business data confidential and safe is of utmost importance. No matter how you plan to use cloud technology in your business, it’s prudent to check into the security practices of your current or potential cloud service provider. After all, your data is in their hands. Here are a few critical questions to ask as applicable:

  • Do they have reliable security policies and procedures in place? Ask them to explain exactly how they protect your company systems from firewall and server breaches?
  • Are regular security audits of their services conducted by a reputable third-party information security firm?
  • Is data encrypted? 
  • Do they have secure web services for connections between servers and with mobile devices to mitigate unauthorized access, network eavesdropping, and other threats?
  • Are audit trails and online reports available to track who requests, accesses, and views information? This is particularly beneficial for legal protection and contract compliance.
  • Do they have security settings that allow you to identify and ensure that only the right people see confidential documents such as contracts and invoices?
  • Will you have your own dedicated secure site so data is safeguarded from others?

By using a security-strong cloud service provider, security can actually improve due to centralization of data and the ability of service providers to devote resources to solving security issues — resources you may not have on staff.

Reducing the Risk of Mobile Devices

The cloud provides the method for deploying applications and information on the Internet and other networks. But the real game-changer is the connection of the cloud with those convenient mobile devices we all know and love. And their use is increasing, especially among mechanical and other specialty trade contractors. According to a 2014 Construction IT Trends survey conducted by Sage, 46% of specialty trade contractors plan to increase their business use of tablets and 43% their use of smart phones this year alone.

But with those mobile devices come some hidden security risks if precautions aren’t taken. The business use of company and employee-owned smart phones and tablets requires a new way of thinking for you and your employees and new approaches to security. The construction industry as a whole still has work to do in this area, but progress is happening. In 2013, 60% of construction firms did not have a mobile security plan in place, according to the Sage survey. One year later that number dropped to 49%.

How do you quickly move toward establishing a mobile security plan? Take these key steps to start mitigating your risk:

  1. Set some immediate ground rules. For starters, consider applying existing security policies to mobile devices (such as password length). Share your intention to publish a more formal policy at a later date.
  2. Involve your employees. People are passionate about their devices, especially if it is their personal phone or tablet. If you don’t fully understand how they use their devices and implement policies that are too restrictive, they will rebel.
  3. Create a list of approved technologies. Consider creating a directory or list of acceptable devices and apps. This will ensure employees only use technology and apps from trusted providers.
  4. Develop a security plan. Take into consideration important practices such as data wiping, password standards, and employee access levels.
  5. Publish a policy. Establish appropriate security controls, clearly explain the expectations to employees, define company rights, outline expense reimbursement, and communicate what technical support the company will provide.
  6. Enforce security policies. Like any guidelines, without enforcement, employees will view your mobile security policy as optional (especially in an environment where they bring their own devices, often called BYOD).

Whether you supply key employees with mobile devices or allow your employees to use their own devices for work purposes, you may also want to consider mobile device management tools. Mobile device management (MDM) software helps you securely manage and support a variety of mobile devices used by your employees. It is especially useful in BYOD environments to separate and appropriately secure corporate information from an employee’s personal information. MDM software can help you enforce password usage, encrypt data, and remotely lock or delete data when a device is stolen. You can also use it to manage your devices and applications. This includes the ability to accept and reject applications, create a company-approved app store, wipe data by application when an employee changes roles, and remotely configure and update devices.

The Best of Both Worlds

Cloud and mobile technologies can transform your company, leading to higher productivity, improved collaboration, and better customer service. By assuring you are working with security-minded cloud service providers and by establishing your own mobile security plan, you can enjoy those benefits while not compromising your company’s proprietary data.

Deb Carpenter-Beck is a writer with Sage. She has more than 25 years of experience in the construction industry and often writes about technology and business best practices for contractors. You can follow her blog posts at www.blog.sagecre.com and on Twitter @SageDebCB.

Voice your opinion!

To join the conversation, and become an exclusive member of Contractor, create an account today!