Cloud systems are particularly often used by companies in the areas of project management, financial accounting, production control or CRM and CMS. The integration of cloud solutions can help to react faster and more flexibly to market requirements. But on closer inspection, companies in Germany act with great scepticism.
According to the Cloud Monitor 2018 (a recurring study conducted by Bitkom Research on behalf of KPMG AG) among 557 companies with 20 or more employees, two thirds of all companies surveyed use computing services from the cloud and a further fifth are currently considering using the cloud. Most companies (62%), however, state that they "use the cloud exclusively or rather for non-critical applications, environments and workflows with low volumes".
Data security and the possible loss of data are cited as the two main obstacles. In addition to the fear of unauthorized access to sensitive company data, half of the companies surveyed (50%) also cite legal uncertainty as an obstacle to using cloud solutions more intensively. It is interesting to note that the larger the company, the more willing it becomes to store mission-critical data and applications in the cloud.
This may be due to the positive effects resulting from the use of the cloud. Cloud services can be adapted to the user's needs within a short period of time. In addition, there is no need for costly maintenance and operation of IT resources in the company, as upgrades are carried out by the provider. A cloud also supports the requirements of the working world 4.0 for flexible working hours and locations, as IT resources can be accessed from anywhere and at any time. Another point is the cost benefits: Services can be rented from external service providers and are billed as required. Likewise, the renting of these services is clearly more favourable than the acquisition of the hard and software, which supplies a comparable achievement. In the future, cloud computing will increasingly establish itself as a standard technology, as other systems (depending on the industry) become obsolete more quickly and may no longer be operated by providers.
SMEs can also benefit from cloud systems. Without large investments in new IT infrastructures, cloud computing creates new experimental spaces in which innovative business models can be developed and tested. As a result, SMEs no longer compete with big players and have the opportunity to develop new markets and target groups.
Despite all the advantages, the fear of unauthorized access to data in the cloud must be taken seriously. A distinction must be made here between access from within the company and external access. Data misuse by your own employees can be prevented by using a CIAM tool (Customer Identity and Access Management) within the company. The employees are assigned roles and authorizations. If data misuse is suspected, employees must identify themselves using multi-factor authentication. So-called strong authentication, for example through one-time passwords and biometrics, offers maximum security and can be used not only for employees, but also for production processes or customer contact.
In addition, it must be ensured that only authorized cloud services are used within a company. In many companies there is an "IT shadow world" as employees try to make work processes easier for themselves. For example, cloud services are used to manage appointments in the field that are not authorised by the head office or linked to its data. This is often a high-risk area.
Authentication and encryption of data play a central role in preventing companies from the risk of loss or unauthorized use of data in the cloud from outside. The decisive factor should not be the costs of a cloud service provider, but the possibilities of agreeing a service level agreement (SLA) with the cloud provider. In addition, cloud services from non-European countries must often be treated with caution, especially with regard to the DSGVO. Due to the lack of uniform security certifications for cloud services, there is still a certain degree of legal uncertainty here. The ISO standard 27001 according to the IT basic protection of the German Federal Office for Information Security (BSI) can serve as a guideline here.
There is no such thing as a right cloud solution. Important selection criteria are among others:
Because there are different types of services. A distinction must be made between them: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Cloud solutions open up numerous opportunities for future-oriented companies to implement innovations faster and to limit financial risk. When planning, implementing and using complex cloud infrastructures, it can be helpful to call in external expert know-how. This should be an independent partner who works together with the company to determine actual requirements and derive independent recommendations for action.
Sources: Führen in der Arbeitswelt der Zukunft - Instrumente, Techniken und Best-Practice-Beispiele, Swetlana Franken, Springer Fachmedien Wiesbaden, 2016 | Global Access | heise.de | ingenieurversteher.de | scopevisio.com