How safe is your data in the cloud?
If you are wrestling with the idea of moving your customer and application data to the cloud, there are several fundamental things to consider.
Who owns the data?
The premise of switching to an ITSM SaaS solution is that you take your customer data and store it in a non-physical location that you don’t own. This does not mean that you relinquish control and ownership of that data, though. Vendors have no desire to take ownership of your data and will most likely distance themselves from this in their service level agreements (SLAs) and contract agreements with customers. Most providers will also restrict their own company’s access to your data, unless you activate the ability for a support administrator to make changes on your behalf. This can be turned on and off at your discretion. It must be remembered that the vendors have a vested interest in protecting your data, its integrity and ownership at all costs. Trust and ownership are, after all, key to growing their own customer base.
Another area of concern for any cloud application and its security is the way in which data travels between the user browser and the application itself. Most users will be aware of SSL (Secure Sockets Layer) and the encryption it offers to online shoppers in particular, but for secure transfer of application data this has been replaced by TLS (Transport Layer Security). TLS has a greater encryption level (256-bit), which is the same level of security employed by banks. The TLS process secures the communication and transfer of data between browser and app, creating a symmetric encryption which is unique to each and every connection. Advanced ITSM cloud solutions that employ this encryption method will also use the protocol to secure email transactions between the application, end-users, managers and support specialists.
Vendors and their role in maintaining application security
Cloud ITSM vendors will employ many security and access protocols to maintain the service that they supply to you. Access and usage of the system is frequently monitored and threats or attempts to gain access or to action unauthorised operations are dealt with immediately. Because of the threat to data integrity, and of course the vendor’s bottom line, it is common for the vendor to continually test its own code and cloud environment security, so that it can patch any vulnerabilities before they occur. This is also true when considering application updates and releases – where it is not only the security that needs to be tested, but also the impact that it will have on user data access and process.
The modern security threats we now face will force organisations to scrutinise their IT network, infrastructure and software assets. ITSM already offers much of the data and analytics that will help with such scrutiny, but the way in which this application and others across the business are delivered can also increase security and reduce the burden on IT. The cost savings in assets and their maintenance creates a compelling argument for a move to the cloud. But reducing costs and increasing security is only the beginning. Organisations still need to look at how they can improve network and asset security to face down the hacking threat. Savings in ITSM deployment are a serious route to consider as it this will free up vital IT budget for other security solutions that are more far-reaching and targeted than ITSM alone.