As use of the Cloud has become more pervasive, it’s been interesting to observe the evolution in perception that has taken place with regard to its safety and security. Initially, the perceived risk of having your financials in the Cloud came from CFOs or controllers whose main concern was that they didn’t physically have control of their data. They liked the reassurance of being able to look at a server at their facility and say “That’s my server. It has my financial data and applications on it.” Obviously there’s also a security aspect regarding restricting access to the data. So the perceived risks have always been around control of the data – whether we’re talking about physical control, user access control, or other similar issues.
In reality, many on-premise IT departments at small-to-midsized businesses (SMB) simply cannot invest enough to create a comparable environment to what we’re able to provide with our cloud offerings. For example, they’re running minimal firewall policies, or they’re not maintaining their firewall patches, or the configuration of the firewall is such that there are holes in the security level. They are not doing – or not testing – regular backups. And they usually don’t have off-site backups at all. So, a lot of the perceived concerns that decision-makers originally had when hosting first came onto the scene is now mitigated by what we’re capable of doing, because the services that we’re able to provide around security and access and the collective investment that we have in infrastructure is much greater than any one company can afford to make on its own.
Today, we’re seeing more awareness of the realities of maintaining on-premise systems, and most of the concerns about the Cloud are going by the wayside. The Cloud now offers greater sophistication and greater controls over both your data and user access than an SMB can provide in-house. It’s no wonder that the bulk of our customers now avail themselves of our offerings in the Cloud. The investment in security and access control and in backups and infrastructure that we can offer as a cloud service provider just isn’t affordable for one company. Network bandwidth is another good example of how the Cloud economy of scale works. A data center will have significantly more bandwidth than any one customer could have on their own. Multi-national companies really benefit from this, since maintaining remote access infrastructure and the bandwidth to support it can be a tall order.
So, how do we keep our customers’ financials secure in the Cloud? There are two levels of security in place. There’s the physical aspect of controlling the infrastructure, where there is biometric controls, mantraps, and other security in place to restrict access to our servers – not something that most companies put in place. We have SSAE 18 controls in place at our data center, which is especially important to our “public” customers, for change management and who has the ability to make changes, in terms of change controls, physical access controls, and things like that. That’s one level. But the other level of security is access – how are users are provisioned to gain access to their systems and only their systems. We maintain a security structure and policies that ensure that Cloud customers can only see their own data and only access their own systems. That’s enforced all the way down to the physical layer where we put database files. So when we provision a new financial system for a customer, we create the databases for that system. Those databases are placed on a file system that only that customer has access to. This makes it impossible for another customer – even if they were somehow to obtain administrative privileges within their environment – to another company’s data, because the data is segmented to prevent this. There’s a great deal more to this, of course, but that’s the basic concept, without getting too technical.
Customers that choose to put their financial systems in the cloud are getting a greater return on that investment today than ever before. They’re getting the benefits and advantages of the more sophisticated and complex security infrastructure that a cloud server system can provide. We can provide more capabilities, greater sophistication and more security layers than any one company could do for itself. It would be very expensive – and probably unreasonable – for a single company to replicate what we provide today with the Tensoft Cloud infrastructure.
For more information about Tensoft’s products and services, please contact us. If you’d like to comment on this article, I encourage you to Tweet, post to Facebook or blog about it!