As the dust settles after the recent Guardian revelations that the US Government has systems in place to monitor information online, various sources are starting to analyse what this means for the future of enterprise software, cloud computing and generally the prospect of doing business online.
For those of us in the industry, the dangers of placing your data online are not new. Ongoing cyber attacks – especially from China – has been in the focus of discussions for months now. Security has always been one of the main issues and perhaps – along with service availability – the basic concern voiced when talking with new customers and collaborators.
The recent events are likely to make even more business rethink the prospect of moving some of their software online but fortunately things are not as grim as portrayed by some. Let’s break down the situation to some distinct cases.
Size does matter
For one thing there are large and medium businesses and then there are small and very small ones. The first category, the larger they are the more likely to be a target for online snooping for whatever reason – either from the government itself, a competitor from abroad or something else. These types of business have a lot more to worry about and should be alarmed by the recent developments. However, they probably are already aware of the dangers and have already taken measures either by customised, hosted or otherwise protected solutions or by some sort of hybrid approach.
The second category, the rest, are simply too small to either be worth the trouble of becoming a target or of affording to be properly protected by extreme measures. But their best protection is their size – why would anyone bother with a small business minding its business? There’s always of course the possibility of a rogue hit but what extreme is justified to protect something from a one in a thousand (or more) danger?
Don’t try this at home
The other thing to note is the type of protection itself. Many evangelise (and will increasingly do so from now) that companies will or should start moving their data either behind firewalls or on privately owned clouds.
Again the solution of take everything off the internet and put it behind a firewall is an approach offering protection. This means having or being able to own the expertise to appropriately set things up. The key here is appropriately. A firewall – and similar measures – not set correctly is quite dangerous in itself. Perhaps the complacency it offers is even more dangerous than knowing you’re not protected and need to do something.
The complexity increases exponentially when considering buying and setting up your own cloud. In other words, if you can’t handle a firewall, something much more elaborate will definitely need more resources than you can afford to maintain its security.
So unless what’s at stake is really that valuable and expensive it’s probably best to make sure management of your infrastructure happens at the hands of experts. This doesn’t mean outsourcing it. Instead it actually means “letting go of it” to be in the cloud, in a quality data center somewhere where dedicated expert personnel will allow it to have the best possible protection. That will happen in bulk along with businesses of a similar profile as yours – but that’s ok. It’s good enough.
Time to relax
And what more could you ask for in this overcomplicated business setting but for someone to take care of the infrastructure issues in an efficient, value for money approach?
PRISM and similar initiatives which may or may not exist in other countries are a serious issue for individuals and the society. They are potentially a significant issue to be addressed by large companies. But smaller companies should probably have at least off their minds.