It has not been popular in recent years to say anything negative about the great and mighty cloud solution for companies with IBM i and other servers. Cloud has its place in our increasingly data driven world. But it’s not the optimal solution for every company.
There are many cost-effective software alternatives to help stretch capacity and get more efficient and effective at managing data. So why expose your company to the security risks of what is still a relatively new technology if your company does not need cloud services?
I just read a great article on Forbes that lays bare the risks to health care data when using cloud solutions. The article quotes a cloud security vendor as estimating that over 90 percent of cloud services used in healthcare pose a medium to high security risk. More than 50 risk factors were evaluated including things like data encryption and two-factor identification.
This is truly alarming when you consider that patient health information is at stake, as well as credit card information that can lead to identity theft. A recent breach of 4.5 million patient records at Community Health Systems shows the magnitude of the risk. Apparently the open source bug Heartbleed is considered a contributing factor to the breach.
Interestingly, there was a popular culture story making the rounds in recent weeks that helps consumers understand the cloud risks. A cloud vulnerability caused several celebrities to have their accounts hacked and the hacker released nude pictures that were stored. Why anyone keeps nude pictures on their phone or computer (and ultimately the cloud) is a debate in and of itself. But it shows the risks we all face as individuals and companies when we hand over critical and private information off premise.
Risk to critical data is an issue with or without cloud. So what can companies do to mitigate it?
- Evaluate your capacity needs. If you don’t truly need cloud, stay off of it.
- Make better use of the infrastructure you have by using software to maximize the output of your IBM power systems.
- Use message monitoring software to get quick notification of both system issues and potential security issues like multiple password attempts.
- Evaluate and fix the security risks to your physical premises.
- Train your employees to follow security procedures.
Not going to cloud could be a boon for IBM and other manufacturers if it means companies will add to their infrastructure rather than use cloud services. Investment in infrastructure is expensive and harder to scale than cloud. So it’s not that I’m on the side of manufacturers. I’m on the side of companies making decisions that make the most sense for their business – without feeling like they are “behind” if they don’t start using cloud services.
Additional resources on this topic:
Why Software, Not Cloud, Should be Transformative IT Priority for AS/400 & IBM i
Cloud No Security Panacea for IBM i
Heartbleed Aftermath – The Risk to Data on Your AS400
SEP