Anyone working in accounting or human resources has access to immense amounts of personal data. A compromise of this confidential data could result in identify theft or even company fraud. So it’s no surprise that whenever I talk to companies about how they store their data, the number one concern I hear is in regards to security.
At Dexter + Chaney’s 2011 Users’ Conference, we announced that we were moving to a completely web-based platform for our construction software. Clients were excited about our new user interface and enhanced accessibility, but we did get a lot of questions about security – where would data live (it can be stored on premise or as a hosted solution), how safe would the data be, who would have access, etc. To discuss the important topic of data security, I’ll share the insights of my friend Eric Carter, President of Approach Technology, to provide some insight:
Data Centers vs. Do-It-Yourself Security
I think it’s safe to say that when most people say they’re concerned with security, they’re concerned with mitigating the risk of fraud, both internally and externally, and physical access to the data. According to Eric, most of his clients have “far humbler” security checkpoints than what a data center can offer. After all, the highest security data centers have a number of security checkpoints and even use biometric security, such as palm print scanners.
These data centers specialize in keeping data safe, so the measures they take typically exceed what a company would implement for themselves, for example having backup generators and cooling systems. In fact, a recent study indicated that most companies spend more on coffee than they do securing web applications. While Cloud providers aren’t immune to hackers, the reputation damage and potential lost business they incur when a security breach occurs incentivizes them to implement the most stringent security measures possible.
Today’s Cloud Security
According to Eric, the degree of data security depends quite a bit on the company. For example, banks and other financial institutions put in stronger measures than many other industries. He noted, though, that while almost all banks protect secure transactions through the common HTTPS encryption, most of the security measures are implemented on the back end with multiple networks, firewalls, and layers of encryption. The biggest security issue he actually sees is from user passwords being too simplistic.
For most companies, security isn’t a primary function, but it is necessary. To keep your data secure, you might want to consider outsourcing the security functions. Most providers can create a plan to meet your needs, not to mention budget. Security measures will continue to evolve, particularly as adoption of cloud computing increases. The U.S. Department of Defense recently started using public clouds to support some of its infrastructure. Eric even predicts that down the road, information will be protected with not only a password, but biometrics, such as a fingerprint.
What measures does your company implement in order to ensure your data is secure?