With the bull-rush to use the cloud and web-based solutions, the question of security has to come up at some point. “All those systems and all that data that used to be safely tucked away in my office closet are now gone. Where are they now? And who’s watching over them?”
As nearly every software-maker on the planet is migrating their solution to be cloud-friendly, they are removing that software from your office and placing it somewhere in cyberspace. They are asking us to just trust them when it comes to security, reliability and value.
If you are a small to mid-sized business, you have probably seen this happen to others if it hasn’t already happened to you. If you use SalesForce, DropBox, GoogleApps, or QuickBooks Online, you are right in the middle of it.
While the value of these solutions can be substantial, it does leave many questions business owners simply don’t have time to deal with. Digging deeper into each and every solution can be a time-consuming project, taking you away from the very thing you desire – more time to focus on your business.
The reality is, instead of having a single magic box in your office that contains all your software and data, you now have software and data all over the globe — literally. To make matters worse, the solution may not even be as good as what you had. But that hardware closet is now empty, so starting over and buying hardware and software again is likely not a good option.
Here’s a real-world scenario. Your company has decided to get out of the IT business because you are too small to employ an IT staff and it’s too expensive to keep up with all the hardware and software required. So you replaced ACT! with SalesForce for your customer relationship management, replaced your file folder with DropBox, replaced QuickBooks with QuickBooks Online, replaced paper expense reports with Concur, and use a private cloud provider for your custom software.
The good news is your software and data is accessible anytime from anywhere. But the scary thing is you don’t know exactly where it is or if it’s safe.
The Right Questions
Most of the major cloud players, as in my sample above, are large providers that can meet almost every requirement you can throw at them. The question is, What are your requirements?
If you are in healthcare, you likely need to ensure some, if not all, of your solutions are HIPAA compliant. If you are in retail, you need to ensure you are PCI compliant. If you are in financial services, you need to ensure you are SEC compliant. The list goes on. The absolute worst time to learn your requirements is during an audit. Talk about too little, too late.
What about data backup? Is your data backed up? How often? How easily and quickly can it be restored? What if one of their data storage facilities goes down — will your business still be operational? As with an audit, if you have a disaster and need to recover, you couldn’t pick a worse time to figure that out.
Who’s watching the store? With all your solutions now spread out all over the place, who has an overall understanding of your business and overall IT needs, collectively? Every solution you deploy should follow an IT Roadmap specific to your business, following a defined path, but you now have everything dispersed without a map and thus without direction.
The Right Steps to Peace of Mind
There are some basic things you can do, even as a non-IT person to ensure you are in good hands.
Have a relationship with a trusted IT provider
You may not need IT staff, but having a trusted IT service provider looking out for your best interest and keeping up with all these requirements is key. They do the legwork for you. They can also provide the hand-holding and support required when needs fall outside the scope or capabilities of your solution provider. Most importantly, they provide a holistic view and can make recommendations for your IT needs from top to bottom — something none of the individual solution providers can do.
Every solution provider you use should be able to tell you where your data is, if it is secure, if they meet regulatory requirements, how it is backed up, what to do in the event of a disaster —and the big one —how do you get your data if you decide to change providers?
Watch your fees
Most cloud-based solutions are purposely sold to “get you in,” and then have ways to increase fees over time. This can be through upselling to a version with features you really need after you’re already in, additional per-user fees which grow as your company grows, or usage-based fees that increase as you use more. Invoices should be detailed and clear. I see many cloud-solution provider invoices with a single line and no explanation of what’s in it. Ask for more.
Don’t be afraid to change
Cloud solutions can be a perfect fit for your company, and they can fit for years — but you can also outgrow a solution due to your business’s size or requirements. You should be able to easily change from one solution to another – the data is yours! Remember about asking questions? Make sure you understand beforehand the vendor’s process for providing you your data should you decide to make a change.
How do we know all this? Because Fluid IT Services does all the above for our clients. As a full-service IT firm, we are a trusted partner and advisor to our clients with an active role in helping our clients ensure all of these questions are addressed. Often we have to be the “glue” to make this all work and be the one to address issues when (not if) they happen outside the scope of the individual provider’s willingness and ability to help.
Also, as a provider of cloud services with the Fluid Cloud, we are on the other end having to answer those same questions for our clients. So we get IT! Is your IT safe with us? You bet it is!