As more of us use online software applications such as Yahoo mail, Google mail, or Google Docs, questions and concerns about safety come up. This is a common discussion not only among IT people, but also among business and even casual users. Peter Nulty of Wells Fargo recently had a discussion about the subject, and his first question was about security. There are three main concerns that come to mind.
- Accessibility – Will we always be able to access our data when we need it?
- Security – Will our data be protected from prying eyes?
- Exit Strategy – What if the provider goes out of business?
Accessibility is usually stated in the service level agreement. Keep in mind that the often-quoted 99.9% uptime does not mean all the time. If you do the math, that level of service could add up to some serious downtime:
Number of Minutes For Given Period

| Day | Week | Month | Year |
|------|-------|-------|-------|
| 1.44 | 10.08 | 43.2 | 525.6 |
This level of service could result in up to 8.76 hours of downtime per year. You could lose slightly more than a workday of service. On the plus side, it is statistically impossible that your downtime would happen on a business day and encompass the entire time from 8:00 AM to 5:00 PM.
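The following Python sketch is an added example, not part of the original article. It reproduces the downtime budget for the 99.9% figure and checks a log of outages against it, splitting out the minutes that fell inside the 8:00 AM to 5:00 PM working day. The outage log is constructed sample data, and the Monday-to-Friday working week, the 30-day month, and the function names are assumptions.

```python
from datetime import datetime, timedelta

SLA = 0.999  # the 99.9% uptime figure quoted above
# Minutes per period; assumes a 30-day month and 365-day year, as the table does.
PERIOD_MINUTES = {"day": 1440, "week": 10080, "month": 43200, "year": 525600}

def downtime_budget(period, sla=SLA):
    """Minutes of downtime the SLA still permits in one period."""
    return round(PERIOD_MINUTES[period] * (1 - sla), 2)

def business_minutes(start, end, open_hour=8, close_hour=17):
    """Minutes of [start, end) falling Mon-Fri between open_hour and close_hour."""
    total = 0.0
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while day < end:  # walk each calendar day the outage touches
        if day.weekday() < 5:
            lo = max(start, day + timedelta(hours=open_hour))
            hi = min(end, day + timedelta(hours=close_hour))
            if hi > lo:
                total += (hi - lo).total_seconds() / 60
        day += timedelta(days=1)
    return total

def sla_report(outages, period="year", sla=SLA):
    """Compare logged outages with the SLA budget and the working day."""
    downtime = sum((e - s).total_seconds() / 60 for s, e in outages)
    budget = downtime_budget(period, sla)
    return {
        "budget_min": budget,
        "downtime_min": downtime,
        "business_hours_min": sum(business_minutes(s, e) for s, e in outages),
        "within_sla": downtime <= budget,
    }

# Constructed sample: one year of outage windows (start, end) in local time.
OUTAGES = [
    (datetime(2024, 3, 5, 7, 30), datetime(2024, 3, 5, 9, 0)),      # Tuesday
    (datetime(2024, 6, 15, 13, 0), datetime(2024, 6, 15, 16, 0)),   # Saturday
    (datetime(2024, 9, 19, 16, 30), datetime(2024, 9, 19, 18, 0)),  # Thursday
]

if __name__ == "__main__":
    for period in PERIOD_MINUTES:
        print(f"{period:>5}: {downtime_budget(period)} min allowed")
    print(sla_report(OUTAGES))
```

With the sample log, the provider stays inside its yearly budget while part of the downtime still lands in working hours, which is the figure worth tracking alongside the SLA percentage.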
Security is more important than ever. Security of data, even data stored online, is the responsibility of two parties: your provider and you. The provider should store your data in a hardened data center with around-the-clock monitored physical security. The stream of data should also be encrypted. Most studies of big-name application and storage providers have demonstrated security measures that far outweigh the security found at even the largest enterprises.
Your responsibility falls in the areas of strong access controls, good password policy, and using secure networks. Be sure that each user has a separate login and password. This way you can more easily track data changes and more easily make personnel changes. You might also be able to set access rights based on each user's identity. Also, do not fall short in choosing passwords. Choose random strings of letters, numbers, and symbols that are at least eight characters long. Always consider the network that you are using to access your data. Try not to access sensitive data on public non-encrypted networks such as those found in coffee shops.
In this economy, it is more important than ever to have an exit strategy. It has been said that, as with many other types of businesses, not all online application providers will survive this economic downturn. During the evaluation stage, you should find out what mechanisms are in place to migrate your data to a different provider or even to your own premises if necessary. Nothing would be more chilling than going to the provider's web site one day to find an apology about their recent closure.