Last summer, when Edward Snowden released documentation proving that the NSA has been spying on everyone’s data, it impacted the US cloud storage industry. Many foreign and US companies have decided to move their data onto clouds located outside the US in order to protect their data from panopticon-styled NSA investigations, but is this necessary? As a business owner, you want the answers to the real issue: Is a cloud-based ERP like Acumatica or NetSuite safe for your business?
First off, what do we mean when we say “cloud”?
The cloud, specifically the “public cloud,” is the integrated system of information sharing that allows you to access your data on any device at any time. Basically, everything you can do on your smartphone or tablet is powered by the cloud: email; document sharing through Box or Dropbox; file clipping through Evernote, Instapaper, or Pocket; Office 365; Google Docs… the list goes on. In fact, your contacts themselves are probably stored in the cloud—either in Google’s servers if you have an Android phone, Apple’s iCloud if you have an iPhone or iPad, or Microsoft’s servers if you have a Windows 8 phone. In short, you are already using the cloud…but is it the right choice for your business data? That really depends on your business’s needs.
What benefits does the cloud offer your business?
Businesses gain many, many benefits from the cloud, benefits that they cannot get otherwise. Remember the days when you had to print your calendar every day and use a planner? Remember the days when you had to spend time copying your files onto a USB drive to access them at home? Remember when an office fire had the power to corrupt all your business data? Yeah, that was life before the cloud.
Cloud services make you, your business, and your employees much more productive and secure:
- Increased overall business productivity—employees have access to their data anytime and anywhere
- Save money—no need to maintain an in-house IT department
- Reach more customers—take your business online with an eCommerce site
- Eliminate your infrastructure costs—flexible cloud storage grows with your business
- Save more money—business offices require less space and less overhead
- Keep your talent—workplace flexibility makes your employees happier
- Protect your company—effective, constant backups and virtualization provide complete business continuity, even when you experience a “black swan” event, such as flood, fire, hurricane, etc.
- …and more
“Prior to today’s media-hyped paranoia about government surveillance, corporate IT spending has been trending toward outsourcing for many years. Few corporations have no data in the cloud let alone no data with a hosting company, collocation provider or outsourcing firm. Think your firm is the exception? Do a quick travel and expense audit against Evernote, DropBox or similar services. Swear on a Bible that none of your employees have company data sucked up into iCloud. Sign a legal tender that none of your partners are storing your data or data about your company in the cloud or with a service provider. Oh well.” –James Staten, analyst for Forrester Research
What does the NSA have to do with your business?
If you are a US-based company or you route information through US-based companies, the NSA has the right to inspect your data, no matter if it’s on the public or the private cloud. This can happen in two ways.
- According to law, the NSA may legally demand your data from US-based companies that maintain your data. The companies holding your business information (such as Facebook, Dropbox, Apple, and many, many others) are required to comply with the NSA’s requests, but they do make sure to carefully determine the legal backing that the NSA has; data protection is the hallmark of the cloud, and the companies holding your data build their businesses on your trust. To maintain that trust, cloud companies take your data protection as seriously as you do, and scrutinize every single NSA demand very carefully.
- The NSA also has the power to inspect your data as it travels over the cloud, even if the cloud being used is a private cloud. Previously, it was thought that if your data was stored in a private cloud, it could not be accessed by the NSA. The private cloud is a type of cloud that is only used by your specific company and has no contact with the public cloud (which, to make it ridiculously simple, is pretty much what we call the Internet). In November, 2013, the Washington Post confirmed that the NSA can access private cloud data, namely data that is highly encrypted and is transmitted on privately owned fiber optic cables. Data that is in transit is called “data on the fly,” and it differs from “data at rest,” which is data that is simply sitting on your hard drive or personal server. The NSA can access data on the fly without your permission, but not data at rest. To clarify, the NSA does not have the right to break into your servers, but it does have the right to access your information without your knowledge as it is being transmitted. Remember though, that if the government has probable cause, a search warrant, or a subpoena they can access your privately stored server or computer data as well.
Is there a risk for your business if you use a cloud-based ERP like Acumatica or NetSuite?
Once again, that depends. However, unless you’re a terrorist or your business supplies terrorists, you don’t really have to worry.
NetSuite offers their services over the public cloud, so your business data would be potentially accessible to the government or hackers. However, NetSuite builds their entire business on maintaining your data security and because NetSuite is a company of data security experts, your data is likely to be safer with NetSuite than it is with you.
Acumatica offers both a public and a private cloud option, so if you handle sensitive information for your customers, such as healthcare information, social security numbers, or financial account numbers, the increased protection offered by Acumatica’s private cloud might be a better choice. Just like NetSuite, Acumatica is also a company of data security experts, and they can also protect your data much better than you probably can.
What if I decide to store all my data only at my business?
You could use an entirely closed system, stored only on your own servers…but what a closed system offers in terms of potential data security is far outweighed by the inconvenience you’d face. As just a few examples:
- If a hurricane hit your business…you’d lose all your data.
- If you want to access a file or contact information from work…you’d have to go to work and use your desk computer.
- If you want to know what’s on your calendar tomorrow…you’d have to go to work and use your desk computer or dig that Day-Timer out of the back of your closet.
- Plus, you’ll face larger infrastructure costs, higher overhead for increased office space, and your employees will experience lower levels of job satisfaction…and may leave your company entirely.
We can’t tell you if your company needs the cloud or not, only you can make that decision. However, before you make a choice, consider this closing quote:
“…It’s highly likely these values [from the cloud] are worth more to you than the potential risk you think your company faces due to government surveillance. And if your company is a prime target for government surveillance, you are probably being watched from within your own firewalls right now.” –James Staten, analyst for Forrester Research
Join the conversation: How has the information about the NSA affected your business’s ERP choice, cloud usage, or computer usage?
Photo courtesy of Idea go / FreeDigitalPhotos.net