Despite the accelerating growth of the cloud and its adoption in key areas of business, myths about cloud-delivered ERP still linger within finance departments. Part of this is because cloud-based financials are later in the adoption cycle than sales and human capital management (HCM) applications where these concerns have already been overcome, but it also stems from finance being the clear custodian of critical operating data for the business.
When we asked IMA members their concerns about migrating to the cloud, some issues were clearly top of mind including security (35%), customization (18%), reliability (14%) and data ownership (12%). So how do some of these perceptions hold up? We take a deeper look into security and data accessibility concerns.
It’s the old question about whether your money is safer under the mattress where you can see it and touch it, or safer at the bank. This concern stems from the fact that a cloud data center is connected to the Internet and that cloud applications are accessed over the Internet.
The standard for internet security with cloud applications—whether consumer or business—is the use of banking-level 128-bit SSL security. This means that, when using a cloud application, the information is invariably more heavily encrypted than a traditional local area network (LAN)-based, pre-internet application.
Having your financials hosted in a data center rather than in your own on-premise server room also raises some interesting questions like, “Isn’t a cloud data center inherently more hackable than its on-premise counterpart?” The vulnerability of in-house systems is most clear in a New York Times article titled The Great Cyberheist where “a crew of hackers and other affiliates gained access to roughly 180 million payment-card accounts from the customer databases of some of the most well-known corporations in America: OfficeMax, BJ’s Wholesale Club, Dave & Buster’s restaurants, the T. J. Maxx and Marshalls clothing chains. They hacked into Target, Barnes & Noble, JCPenney, Sports Authority, Boston Market and 7-Eleven’s bank-machine network.”
So the question isn’t really about cloud datacenter vs. on-premise data center when it comes to security. The question is really about how many resources your organization can dedicate to data and application security to protect your financial and business data, and how that compares with the expertise and resources the cloud vendor will deploy.
Most cloud vendors have experts focused solely on running your application and keeping your data secure. These people never stop to answer an Outlook question, never have to worry about setting up PCs or fixing a printer. They begin and end each day thinking about security and uptime. Because the cloud vendor is operating under a shared services model, it’s able to create an entire function-focused purely on security, with resources and dedicated budget focused solely on maintaining stringent security standards, such as PCI DSS compliance, that are often cost-prohibitive for an organization to achieve and maintain on its own. So a cloud vendor can be more secure than a homegrown on-premise deployment.
Another concern with cloud financials is the availability of the application. A professionally managed cloud data center with multiple levels of redundancy will almost certainly provide a higher level of uptime, better security, and more transparency than an on-premise data center. Of course, whenever an application such as Gmail or Salesforce experiences an outage, it always makes the press. But, realistically, how do well-run cloud applications stack up against the availability of in-house applications?
A key place to start is that cloud vendors typically provide a service-level commitment to their users of 99.5% or better. The cloud vendor has an extreme incentive to ensure high availability through transparency and penalties they might incur and to reduce any availability risk that might impact renewal. The penalty, typically, is a refund of part of the subscription fees if the cloud vendor doesn’t meet a target service level. Through economies of scale, a cloud vendor can invest in multi-level failover and redundant systems that a typical in-house IT budget couldn’t afford.
The contrast of an on-premise deployment vs. hosted is stark. A finance department typically has no visibility into the availability of its accounting application, and the IT department often isn’t held accountable for outages—and often can’t be because of the lack of any kind of uptime reporting or service-level agreement (SLA). A professionally managed cloud data center, however, with multiple levels of redundancy, will almost certainly provide a higher level of uptime, better security, and more transparency about both. When the pros and cons are assessed, cloud computing becomes not only a viable option but a clear choice.