Think Again Before Putting Confidential Data in the Cloud

Cloud Clip Art

The ‘Cloud’ – it is everywhere – literally. That is what the cloud is … a place to house data spread out over an untold number of computers and servers throughout the world.  About 70% of all Americans use the cloud to some degree. With the multitude of mobile devices, it works wonders. You can access your music and videos everywhere, you can update your calendar in sync with other devices, and you can store your sensitive data there. Wait, maybe not the last one. Here are some serious considerations before you put your confidential data in the cloud.

Rain Cloud Clip Art

Our government wouldn’t pry into my data, would it?  Heard of the NSA? By now, probably all Americans have, and not all of it is good. In fact, some of the news is downright unsettling. Now, with the Patriot Act and the NSA’s interpretation of it, your data on the Internet is less safe. The federal government can now get to your data or your client’s data simply by issuing a subpoena, no court order is needed. On top of that, there is plenty of evidence that government agencies are not even bothering with a subpoena in some cases, as the NSA has admitted that some of its employees have gathered information on their own account.  So if you manage data for your clients, and the NSA has suspicions regarding one of them, your data could be shared with others – client names, Ids, social security numbers, financial transactions, and more.

 

Backing up Property Manager dataMy data is backed up in the cloud, right?  Sure, there are redundant backups of your data. That means more servers with your information and more avenues for compromising it.  Has your computer ever gone down? Well, so do servers. And when that happens, your data is inaccessible. Maybe there is a hacker attack and the server is shut down for safety reasons, or maybe the electrical grid is compromised, or a natural disaster happens, the list is endless. If you are running your application on the cloud, your business is dead in the water, and your clients have no access to their data. You can’t process any payments, pay bills, or market your business because everything your business does is done online. Maybe someday you can get the data back, but it could be days or weeks to re-enter lost information. Imaging that if your data is lost and there are hundreds or millions of other clients hosted on the same server, how long would it take to get to you?

 

What happens when they post the ‘Out of Business’ sign?  In the real world, when you do business with a company and they fold, you pick up and find another company. But, what if your entire business is dependent on that company and all of your data is held by that company? What if your log in just stops working and your calls are not returned? You clients will certainly be calling you and demanding answers. You may never recover your data or your client’s data. Your valuable information is suddenly gone, and you will have to start from scratch.

 

My monthlMonthly payments for real estate companiesy payments are reasonable, is the cloud a good deal?  Certainly it is for the vendors. According to the research firm IDC, 2012 revenues are estimated to be 42 billion dollars and estimates for 2013 are as high as 131 billion, according to Gartner, a leading information technology research and advisory company. Consumers are used to monthly payments drafted from their bank account, but often don’t realize the eventual cost. For example, property managers that use ‘software as a service’ (SAAS) typically pay an amount per managed property, and a dollar per property is common. So, if you manage 20 rental units, you’ll pay $20.00 month. But that cost is unending, and can go up at the vendors’ discretion. You pay the increase, or else they can switch you off, effectively shutting down your business. Let’s say you pick up management on a 200 unit apartment building.  Your monthly cost skyrockets to $220.00 per month, or $2640.00 per year just to use their software.

Hackers magnifying glass

Can hackers access my data and my customer data?  Computer hacking is at an epidemic level and they are extremely sophisticated. Hackers can attack major web servers to garner information and filter out all of the email address, bank account numbers, and social security numbers. It doesn’t matter is they know the customer name; they have what they need to steal the identities of your customers.  Once your user name and password is obtained, the rest of your data is there for the taking.  It doesn’t have to be a genius hacker in a dark basement in a foreign country. They can be sitting at a table in the same restaurant or coffee shop while you work on a public Wi-Fi network, stealing from your cloud-based transactions if your application does not use secure HTTPS data transfer.

 

Data outage for property management companyWhat other factors could affect my data?  There are other ways to compromise your data. One way is a malicious ‘denial of service’ where automated systems flood a server to the point that it has to shut down, leaving the customers stranded. In 2011, about 15% of all small businesses were affected by such an interruption, and a whopping 30% of all large businesses were affected. Often those attacks are not reported or even noticed if they are quickly addressed, but other attacks have caused complete outages. Another way that your data could be affected is by natural disasters at the server site, cyber attacks, and electrical grid attacks. While a customer might understand if your business was affected by a fire or hurricane, they might not understand that a server in France could affect their valuable information. If your business was affected, you could take your backups to another computer system, but your cloud data is beyond your control.

 

Does youTwitter bird realtor down timer provider promise they are online 99.5 percent of the time?  That looks great, who can complain about just a .05 percent downtime? Lots of businesses can, and in fact this is only a promise usually not supported by a ‘guarantee’ that compensates you if it doesn’t work out.  Doing the math you’ll find that the ‘expected’ downtime is 44 hours per year, or 3.6 hours per week that your business can’t operate if it depends on the cloud to run.  However, you will still need to pay all of your employees for that time.

 

Are we trying to discourage people from using the cloud? No, having access to shared data is fantastic for many applications, especially for sharing videos, pictures, books, text messages, email, non-confidential documents, and a host of apps. Just think twice about committing your business to the cloud, be aware of the pitfalls, and ask the right questions of potential cloud based vendors. Your information and the records of your customers are too valuable to put at risk. Here are some suggestions of what you might ask of your cloud-based vendor if you are considering moving your business to the cloud.

15 Things to ask your cloud computer vendor:

1. Do you have a disaster recovery plan? Tell me about it.

2. Will I be notified of any down time, either planned or unplanned?This to ask cloud computer vendor

3. Will you provide me with my own copy of my data in usable form?

4. Do you sub-contract out my data to a different company or hosting service?

5. Do you use a secure gateway for transfer of data?

6. Is my valuable data encrypted? To what level of security?

7. What compensation would I receive if my data is lost?

8. What level of employee in your company has access to my data?

9. Does your company provide encryption of email addresses to eliminate spam?

10. Is my data kept separated from other companies?

11. If I miss a payment, will my business be cut off?

12. Is my data redundancy stored over multiple geographic locations?

13. What percentage of ‘up-time’ can you guarantee?

14. Is the data that you maintain subject to government inspection?

15. If I switch to another company will I be able to get exported files?