A common question for those who are new to cloud technology is just how secure it is. Even those who are familiar with the cloud and were convinced of the safety of entrusting their data to the technology have been revisiting some of those questions in light of recent events.
The cloud is as
There are a couple of distinctions that need to be made when talking about cloud and data security. One is the difference between public and private cloud.
A private cloud is not unlike a company intranet in that it is limited to a very specific set of users and may be physically hosted on the user’s premises. The recent news that the Central Intelligence Agency had let a contract to Amazon Web Services for cloud technology appears to have at least one component that is private cloud – at least based on as much as anyone can glean from the CIA, which doesn’t make details of its contracts public. Still, the CIA is investing a reported $600 million in AWS cloud technology over 10 years and if even some of that is for classified data, that’s a lot of trust.
The other cloud is what most people know and think of – public cloud. Somewhere between a private cloud and a fully public cloud is the Kindle app that has all of your purchased content on a server maintained by Amazon. It readily shares with any devices you have authorized. But a more appropriate example may be an application like Photo Bucket. Photo albums you establish on Photo Bucket can be fully public or password protected. If you have photos you prefer to keep private, you share a link and password with users you authorize to view them, otherwise, they are private.
In supply chains, there is often a mix of the types of cloud technology. Even on a private cloud, certain users can be granted access to a limited amount of information. For instance, you may determine that your transportation department doesn’t need access to price data on purchasing contracts, but you want them to be able to see order quantities and dates.
The same is true of suppliers and customers you want to allow onto your cloud. You may restrict a supplier to its own purchasing and transportation information, or under the right circumstances where there is close collaboration, you might allow a few suppliers who provide components on the same final assembly bill of materials to see certain status messages that include each other.
The point is that you can open and close doors selectively. If you stop using a supplier, you can lock the door. If an employee leaves, you can deactivate their access codes.
Recent headlines involving the National Security Agency monitoring phone records of U.S. citizens raised some concerns – mostly among the general public. Businesses already share quite a lot of information with the U.S. government, whether it is for tax purposes or imports and exports. Many of the concerns about keeping private details of contracts private on Customs forms that feed import databases were dealt with when Customs automation and other changes were taking place, so most companies are reasonably comfortable dealing with the government.
An interesting reaction to the NSA disclosures was a shift of interest to non-U.S.-based cloud technology. International firms, in some cases, preferred a cloud host who was not in the U.S. and ostensibly not subject to possible NSA intrusion. As with the CIA, NSA is in a position of saying as little as it can about what it does, so it is not easy for them to ease those concerns. On top of that, the home countries of those non-U.S. companies have similar agencies. The UK’s GCHQ, in fact, probably saw some if its first headline coverage in the wake of the NSA allegations.
The bottom line? The cloud is as safe as you make it. Plan your cloud strategy and do your due diligence on security and access as you develop the tool and it is as safe as your own systems. In fact, it may be safer because a cloud provider has every motivation to upgrade its security and technology continuously. Many companies will make major upgrades as part of a scheduled IT system upgrade. It’s like the family car vs. and Indianapolis racer. You check your tire wear and change your tires every 30,000 miles or so while the Indy pit crew swap tires a couple of times in a single race. Your cloud pit crew will keep you current on security.
The people who should worry about the NSA, FBI, or any other three-letter agency looking at their data are the bad actors who are doing the kinds of things those agencies want to prevent. If your goal is to run the most efficient supply chain to deliver the best bottom-line performance, the cloud is a powerful set of tools for you.