BI Security: Is Your Business Data Safe In The Cloud?
There are numerous advantages to cloud-based business intelligence solutions. In fact, BI and the Cloud complement each other in so many ways that it is tempting to see them as the perfect match.
BI and analytics is all about visibility. No matter what is happening in your business, no matter how much data is being generated, no matter how big and complex your digital infrastructure is, you want to be able to dig down into the smallest details quickly, efficiently and effectively to inform your decision making.
With cloud-based BI, you can plug in as many different data sources as you want from as many different locations without any hassle – no having to install multiple iterations of the same software platform, and then configuring them all to work together. Cloud platforms offer virtually endless scalability, so no matter how much your business grows and how much data is churned out, your cloud BI solution will grow with it. And when you really want your business data at your fingertips for anytime, any place decision-making, you can log onto your cloud BI account from any device.
But one question still hangs over cloud BI – is your data safe? In these times of tightening regulations around data security, not to mention the high value data has to a business, information security has become a key concern. Despite a decade and more of cloud computing, many businesses remain unsure about the idea of constantly transferring high volumes of sensitive data back and forth over public networks to be stored in remote, often shared servers in public data centres. Wouldn’t it be much safer to keep it all on-premises, or at most in a private cloud?
In fact, while these remain valid questions to ask, the companies which operate the public cloud infrastructure on which most hosted SaaS solutions are now based – we’re talking names like Amazon Web Services, Microsoft Azure, Google Cloud and IBM Bluemix – have invested considerable fortunes in Cloud security. So much so that in many ways it now represents the gold standard in systems and data security.
Here are two key considerations.
Data centres – the impenetrable fortress
The threats to a server run in a data centre which hosts public cloud platforms are much the same as the threats faced by any office server run on any business premises. Cyber threats such as hacking, malware and DDoS attacks, physical threats like power outages, fires and other natural disasters, system failures and plain old human error can all lead to data in any type of server being compromised, stolen or lost.
The difference is that the people who run the data centres – just remember those names, Amazon, Microsoft, Google, IBM – have much deeper pockets than the average business to invest in the most powerful, up-to-date, cutting edge security and redundancy protocols for their servers. Indeed, their business strategy depends on it – without offering exceptional QoS in all areas, not just security but in terms of download and upload speeds, network capacity, minimal downtime etc, people would not use the Cloud as there would be no benefit.
Likewise, it is in the business interests of your hosted Cloud BI provider to offer exceptional levels of security as part of the service offer. Whether it is data encryption, anti-malware, recovery protocols or access controls, SaaS BI platform brands have to ensure data is kept safe and secure at all times in order to maintain a reputation for reliability and high service standards.
It is worth pulling out access controls from the above list as this is an element of Cloud security that depends on the user as much as the service provider. In general terms, it is well known that the majority of data breaches are not caused by malware attacks or phishing – they are more likely to be down to human error, to people accidentally e-mailing sensitive information to the wrong person, or losing an unencrypted device.
In the context of any IT asset, not just BI platforms, this makes access control of key importance. To combat the challenge, especially acute in large organisations, of ensuring different users can only access data they are authorised to see through the same BI system, most vendors now include role-based access control. Likewise, many will include some kind of two-factor authentication for log in.
But for all the security protocols a vendor can build into an application, if users never change from default passwords or leave sensitive data sets open on an unlocked platform, security cannot be guaranteed. Access control therefore needs to be accompanied by appropriate levels of training about data security and appropriate protocols for its protection.
Fruition IT is an IT recruitment consultancy specialising in placing candidates across the UK and Europe. Our key specialisms are Analysis & Project Management, Development & Testing, Information Security, Data & BI, Infrastructure & Service and Senior Appointments. To find out more about the services we offer, please contact us here.