Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

3 misconceptions small business have about the cloud

Paul Mah | Jan. 29, 2016
CIO.com’s Paul Mah debunks three of the biggest myths about cloud adoption at small-and-midsize-businesses.

Starting a small business, or trying to grow it is a daunting affair. Thankfully, cloud services have sprung up to help business owners better leverage technology.

However, the cloud can be confusing and surrounded by myths and misinformation. With this in mind, we take a closer look at some of those common misconceptions, specifically in the context of using the cloud to host websites, email services and online file storage.

1. Distrusting the security of the cloud

An age-old concern with cloud services is that security is poor compared to businesses that handle their own hardware. However, this misses the point. Few small businesses can even afford to set up their own IT department, much less hire dedicated security staffers with the skillset and experience to properly protect their organizations from the bad guys.

Cloud businesses have every incentive to not only defend their infrastructure against hackers, but have more resources to monitor for breaches and to handle any intrusion that occur. Because the cloud is about economies of scale, this is also achieved at a price point that is cheaper than similar arrangements such as an on-premises deployment handled under a managed services contract.

The superior security of the cloud is most apparent with large cloud-based services such as Gmail and Office 365, which runs on infrastructures maintained by Google and Microsoft, respectively. Certainly, small businesses are freed from the need to constantly monitor new security patches or updates, and from having to schedule service downtimes to install them.

No organization can claim to be immune from security threats. This includes specialized password management companies, billion-dollar security firms or even the National Security Agency (NSA). However, a large cloud provider is far more equipped in terms of both the will and the means to protect their digital turf.

Organizations working within certain regulated verticals will, of course, need to adhere to compliance regulations, regardless of their size. Yet a clear distinction between the types of data exists even in such situations, allowing businesses to host their websites, for example, on a cloud platform while their email and file storage is deployed on-premises or in a private cloud.

2. Misunderstanding encryption

An overemphasis on encryption by marketers has led to confusion about the role of encryption. To be clear, encryption is typically applied either to data in transition or data at rest. The former is easy to understand, as technologies such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data against snooping as it travels between two points on the Internet.

Protecting data at rest, however, entails encrypting data that is written onto a storage drive. Similar to how encryption protects an organization from data leaks stemming from a stolen laptop, this ensures that data cannot be read by an intruder who successfully makes away with a storage drive. Obviously, this is of limited utility for cloud service providers, considering that their servers are already housed within data center installations with a high level of physical security.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.