Cloud solutions in companies: chances and risks
Europe's economic competitiveness is at stake. The increasing digitalization of almost all economic sectors is currently an intensively discussed topic. There have been criticisms of excessive reluctance to integrate existing innovations and lagging transformation of the opportunities offered by industry 4.0.
Cloud systems are particularly often used by companies in the areas of project management, financial accounting, production control or CRM and CMS. The integration of cloud solutions can help to react faster and more flexibly to market requirements. But on closer inspection, companies in Germany act with great scepticism.
According to the Cloud Monitor 2018 (a recurring study conducted by Bitkom Research on behalf of KPMG AG) among 557 companies with 20 or more employees, two thirds of all companies surveyed use computing services from the cloud and a further fifth are currently considering using the cloud. Most companies (62%), however, state that they "use the cloud exclusively or rather for non-critical applications, environments and workflows with low volumes".
Benefit from advantages, keep an eye on risk factors
Data security and the possible loss of data are cited as the two main obstacles. In addition to the fear of unauthorized access to sensitive company data, half of the companies surveyed (50%) also cite legal uncertainty as an obstacle to using cloud solutions more intensively. It is interesting to note that the larger the company, the more willing it becomes to store mission-critical data and applications in the cloud.
This may be due to the positive effects resulting from the use of the cloud. Cloud services can be adapted to the user's needs within a short period of time. In addition, there is no need for costly maintenance and operation of IT resources in the company, as upgrades are carried out by the provider. A cloud also supports the requirements of the working world 4.0 for flexible working hours and locations, as IT resources can be accessed from anywhere and at any time. Another point is the cost benefits: Services can be rented from external service providers and are billed as required. Likewise, the renting of these services is clearly more favourable than the acquisition of the hard and software, which supplies a comparable achievement. In the future, cloud computing will increasingly establish itself as a standard technology, as other systems (depending on the industry) become obsolete more quickly and may no longer be operated by providers.
SMEs can also benefit from cloud systems. Without large investments in new IT infrastructures, cloud computing creates new experimental spaces in which innovative business models can be developed and tested. As a result, SMEs no longer compete with big players and have the opportunity to develop new markets and target groups.
Despite all the advantages, the fear of unauthorized access to data in the cloud must be taken seriously. A distinction must be made here between access from within the company and external access. Data misuse by your own employees can be prevented by using a CIAM tool (Customer Identity and Access Management) within the company. The employees are assigned roles and authorizations. If data misuse is suspected, employees must identify themselves using multi-factor authentication. So-called strong authentication, for example through one-time passwords and biometrics, offers maximum security and can be used not only for employees, but also for production processes or customer contact.
In addition, it must be ensured that only authorized cloud services are used within a company. In many companies there is an "IT shadow world" as employees try to make work processes easier for themselves. For example, cloud services are used to manage appointments in the field that are not authorised by the head office or linked to its data. This is often a high-risk area.
Authentication and encryption of data play a central role in preventing companies from the risk of loss or unauthorized use of data in the cloud from outside. The decisive factor should not be the costs of a cloud service provider, but the possibilities of agreeing a service level agreement (SLA) with the cloud provider. In addition, cloud services from non-European countries must often be treated with caution, especially with regard to the DSGVO. Due to the lack of uniform security certifications for cloud services, there is still a certain degree of legal uncertainty here. The ISO standard 27001 according to the IT basic protection of the German Federal Office for Information Security (BSI) can serve as a guideline here.
The largest cloud providers are well-known names such as Microsoft, Amazon, Google and IBM. © John Voo, Flickr, CC2.0
How to find the right offer for my company?
There is no such thing as a right cloud solution. Important selection criteria are among others:
Which processes should be covered and controlled via the cloud?
Which data should be stored in the cloud?
Who is authorized to access or does the cloud provider allow role-based user rights?
Is your own IT system compatible with the cloud system?
Which back-up strategy is required and does the provider offer it?
What security certifications does the cloud solution have?
Where is the data physically stored, i.e. where are the provider's data centres located and what is the legal basis for the provider?
What type of cloud service should be used?
Because there are different types of services. A distinction must be made between them: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Infrastructure as a Service (IaaS) is a cloud computing offering where a provider provides users with access to hardware resources such as servers, storage and network components. Beneficiary companies can store their own applications in the cloud. The advantage for companies: instead of buying hardware, the company pays for IaaS scalable on demand. This enables young companies in particular to adapt quickly and without excessive financial burdens to their individual growth rate.
Platform as a Service (PaaS) is a cloud computing offering that provides users with a cloud environment in which they can develop, manage and deploy applications. Enterprises can use a range of pre-defined tools to develop, customize and test their applications. This allows organizations to focus on their performance without worrying about infrastructure.
Software as a Service (SaaS) is a cloud computing offering that provides users with access to a vendor's software in the cloud. The advantage is that companies do not have to manage and install the software. In particular, distributed work, for example in a home office, is easy to implement. In addition, software usage is often linked to the scope and can be scaled according to requirements. Security updates etc. are imported automatically, which in turn relieves the burden on the in-house IT departments.
Cloud solutions open up numerous opportunities for future-oriented companies to implement innovations faster and to limit financial risk. When planning, implementing and using complex cloud infrastructures, it can be helpful to call in external expert know-how. This should be an independent partner who works together with the company to determine actual requirements and derive independent recommendations for action.