Opinion Piece: How Secure Is Your Critical Data In The Cloud?
Storing data in the cloud makes sense and uptake is growing as more solution providers offer this option. However, how secure is sensitive financial and client information when it is backed up to and stored in the cloud?
The good news is that vendors are putting standards in place to govern the security of data in each phase: the virtual or transport phase, the physical storage, and user access via a Web interface. This assists organisations with compliance and reduces the complexity thereof.
Backing data up to the cloud makes use of many of the policies applied in traditional tape- and disk-based backup solutions. Both use backup management software to prioritise and schedule backups, and both ensure offsite storage of data to protect organisations against disaster.
Cloud backup offers a few other advantages. It removes the need to manage physical hardware by automating the process and is generally highly efficient. However, given the vulnerability of data in the digital realm, is it as safe? Scrutinising the process provides some assurance.
Data security in the cloud - in transit, in storage
Storing data in the cloud usually starts with the provider collecting an initial data ‘ingestion’ on disk, and storing it in a vault. From here on, backups are iterative.
Furthermore, some suppliers provide a server device at the client’s premises that establishes a secure tunnel along which data is transported. An ‘agent’ on the device should use unique codes to connect to a vault in the cloud via proprietary ports owned by the cloud backup service provider.
Once data is backed up in a vault (the physical vault could be local or international), the vault itself should be backed up, with a secure mirror copy of the vault stored in another location which excludes any single point of failure.
Data security is taken very seriously by vendors and providers. To ensure data is safe, only outbound connections (from the company to the vault) are established by the server. Each time a connection is made between the vault and the agent software, public key encryption is used for mutual authentication, authenticating the agent to the electronic vault, and the vault to the agent.
In addition, data should be encrypted during transmission and remain encrypted while stored. The level of encryption required is the 256-bit Advanced Encryption Standard (AES) – the current gold standard for encryption.
As the customer holds the encryption keys, the data cannot be accessed by the service provider or anyone else. Furthermore, industry-standard Secure Sockets Layer (SSL), offered by some vendors, is used for communication between the software agent and the vault, ensuring any modification of data can be identified, therefore preserving the integrity and confidentiality of the data.
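The customer-held-key model described above, as an added example that is not taken from any vendor's product: each backup chunk is sealed with AES-256 before it leaves the premises, and a modified record is rejected on restore. The GCM mode, the scrypt key derivation, the function names and the sample data are assumptions of this example; the article itself specifies only 256-bit AES.

```javascript
// Added example (not vendor code): AES-256-GCM sealing of backup chunks
// with a key derived on the customer's side. Names are hypothetical.
const crypto = require("crypto");

// Derive the 256-bit key from a customer-held passphrase. Only the salt is
// stored with the backup; the passphrase and key never reach the provider.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one chunk before it leaves the premises. The chunk ID is bound
// as associated data so a chunk cannot be swapped for another unnoticed.
function sealChunk(key, chunkId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per chunk
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(chunkId, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { chunkId, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt on restore. Returns null when the key is wrong or the stored
// record was modified, instead of returning corrupted plaintext.
function openChunk(key, sealed) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.iv);
    d.setAAD(Buffer.from(sealed.chunkId, "utf8"));
    d.setAuthTag(sealed.tag);
    return Buffer.concat([d.update(sealed.ciphertext), d.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample data: a passphrase, salt and one ledger row.
function demo() {
  const salt = Buffer.from("constructed-salt-0001");
  const key = deriveKey("constructed customer passphrase", salt);
  const sealed = sealChunk(key, "ledger/2024-01.csv#0", Buffer.from("acct,amount\n1001,250.00\n"));
  const flipped = Buffer.from(sealed.ciphertext);
  flipped[0] ^= 0x01; // one bit changed while at rest in the vault
  return {
    restored: openChunk(key, sealed).toString(),
    tampered: openChunk(key, { ...sealed, ciphertext: flipped }),
    relabelled: openChunk(key, { ...sealed, chunkId: "ledger/2024-02.csv#0" }),
    wrongKey: openChunk(deriveKey("provider guess", salt), sealed),
  };
}

console.log(demo());
```

The vault only ever stores the salt, nonce, ciphertext and tag, so a restore succeeds only for the holder of the passphrase and only if the record is byte-for-byte what the agent uploaded.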
These measures implemented by best-of-breed vendors ensure the integrity of data transport and storage, but how secure is the Web interface used by the organisation to schedule backups and access stored data? A number of safeguards should be in place here too.
Cloud backup solutions - Web user interface security
For storage in the cloud, one of the benefits is that users can access data from anywhere using a Web browser. The challenge is to prevent insider attacks via this interface and to prevent damage being done by unauthorised users with stolen passwords. This is achieved by a number of means:
· Communication between the user and the agent software being encrypted using SSL,
· The contents of backed up data files not being accessible via this interface with backed up data only being restored to the computer it originated from,
· Backup policies and passwords not being set via the user interface, and
· Limited authority being granted to users of this interface.
With security applied to virtual access to data, a final question remains: what of the physical security of data stored in the vaults of the solution provider? Besides duplication of vaults in different locations, standard physical security safeguards are put in place by some vendors at reputable data centres.
Physical security of data backups ‘in the cloud’
In terms of the physical security of data, there are clear standards in place at data centres. These requirements cover the security of the facility, as well as its contents. They include 24x7 security guards, as well as 24x7 internal and external environmental monitoring alarms.
Where credit card data is stored, compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the ISO 27001:2013 information security standard is mandatory.
In selecting a provider of cloud backup services it is particularly important to request proof of compliance with best practice data centre standards, as well as PCI DSS compliance if customers’ credit card details are stored. Failure to meet these requirements could result in unpleasant fines for both the provider and the owner of the data being stored.
The future of cloud backup
The benefits of using cloud storage in combination with, or to replace, traditional tape and disk storage strategies can be significant for SMEs.
However, organisational needs and environments, as well as existing investments, will dictate strategies. What is certain is that the uptake of cloud storage will continue to grow as organisations realise its value and become more aware of the security surrounding this solution.
In addition, many SMEs will be attracted to the opex nature of SaaS expenditure compared to the capex plus opex costs of alternatives such as tape backups.
You want peace of mind that your data is protected, compliant and secure. The following questions will put the right foundations in place:
· Does the service provider make use of proven, intelligent software that offers suitable levels of security?
· Are the data centres where the data is to be stored suitably protected?
· Can the service provider prove compliance with industry standards?
If the answers to all three questions are ‘yes’, ask three more:
· Does the solution on offer make use of proven technology; is the brand reputable?
· Is the service provider skilled and knowledgeable?
· Does the service provider have a good track record?
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee, pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.”
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres: Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated, from initial interaction to reaching a satisfying outcome
- Finance and accounting: Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources: Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT: IT teams are often swamped in daily activity like on-boarding or off-boarding employees, deploying virtual machines, and provisioning, configuring and maintaining infrastructure. These tasks are ideal for automation
- Legal: There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”