Monitoring Security Compliance
No discussion of cloud solutions would be complete without a discussion on security and compliance. While cloud providers may have the responsibility to address both elements for the company, accountability remains with the corporate executives.
Thus, executives need to ensure that there is regulatory compliance and transparency and, if applicable, compliance with the interim safe harbor rules. In October the Court of Justice of the European Union (CJEU) invalidated the 15-year-old Safe Harbor agreement between the EU and U.S.
There is an interim solution in place and, if one is moving personal data from the EU to the U.S., one's cloud provider needs a method of handling the data properly lest the EU regulators choke off the flow of personal information to the U.S.
Executives also need to understand the security features of the SaaS offering and the terms and conditions of the agreement. Wherever possible, data should be encrypted both in transit and at rest. Access to the data should be tightly controlled, and executives should ensure that the data belongs to the company, not the vendor.
Additionally, vendor access to the data should be limited to that needed to administer and protect it, and should cease after termination.
Use of SaaS applications offers SMBs an opportunity to compete effectively with large enterprises that are able to create their own in-house mass personalized digital discourse. This competitive advantage and potential revenue driver far outweighs any cost savings advantages.
Business and IT executives should focus on the revenues more than the cost savings, and any return on investment (ROI) analysis should validate the upside revenue gains derived from the move if the shift to the cloud is to occur.
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.