On-premise software is installed locally, on a company’s own computers and servers, whereas cloud-based software is hosted on the vendor’s servers and accessed through a web browser. For this reason, security is often the top concern for those looking to migrate to the cloud; however, reputable cloud vendors have strict standards in place to keep data safe and are usually more adept at practicing proper data security protocols.
One of the biggest myths surrounding the cloud is that it is inherently insecure. You can understand why some companies are hesitant, considering the sensitivity of the information being stored, including company financials, corporate trade secrets, employee information, client lists and more.
In the same way that cloud computing offers organisations the opportunity to access economies of scale and efficiency that they cannot reach themselves, cloud service providers are generally able to manage cyber security issues much more effectively than any single organisation can on its own.
“The most common reason a business is not open to the cloud is a lack of understanding around the benefits of the cloud and the enormous risk of on-premise deployments,” Morgan Duncan, Managing Director at cloud-based utility billing software provider Utilibill, said.
“However, as we progress, Chief Information Officers and business leaders are learning that their biggest risk is actually internal staff and an often lax internal security policy. Cloud providers take security very seriously and usually invest heavily in firewalls, anti-virus software and threat mitigation strategies.”
The truth is that successful data security is more about who has access to data as opposed to its physical safeguarding. Setting up the right encryption and controls for the right sets of data is critical to ensure that only those with the appropriate permissions can access it.
Individual developers and system managers should not have uncontrolled access to resources, and role-based access controls can be used to establish user privileges. These roles should ensure that no one person can adversely affect the entire virtual data center.
Two-factor authentication and strong passwords also reduce the risk of credential compromise or a malicious insider. Stolen user credentials enable an attacker to control and configure an organisation’s cloud resources, but the use of multiple authentication mechanisms requires an attacker to acquire a variety of independent authentication elements, reducing the likelihood of a data breach.
Beyond access control, data protection involves using encryption to block unauthorised access to data; ensuring continued access to data in the event of errors and failures through backup and recovery processes; and preventing the accidental disclosure of data that was supposedly deleted, but may have been replicated to ensure historical data is maintained across systems. Cloud service providers offer significant guarantees against loss of persistent data, but you must ensure that their data storage and recovery processes meet your organisation’s needs.
Ensuring effective data governance
When it comes to selecting a cloud provider, the requirements you have and evaluation criteria you use will be unique to your organisation. Data governance and security should be a key part of this decision, and organisations that rush to adopt cloud technologies and choose providers without performing due diligence expose themselves to a number of risks.
Assess the cloud provider’s levels of data and system security, the maturity of security operations and security governance processes. The provider’s information security controls should be demonstrably risk-based and clearly support your own security policies and processes.
Data sovereignty, which refers to the country in which data is stored and the issues that can flow from that, may also be an important component of the selection process. Data stored in non-Australian jurisdictions will be subject to the laws of the other country, which may limit the ability of Australian authorities to help if there are issues.
Storing your information in Australia is the most straightforward and reliable choice if the cloud service has the option.
“If your data is not being hosted in Australia, you should try to resolve this as quickly as possible. While storage offshore is drastically cheaper, the risks of losing control of your customer data in a foreign country are greater. Taking action in response to a breach may also pose challenges,” Mr Duncan said.
“We recommend to all our customers to keep their data on the shores of their own country where cloud vendors are bound to the same privacy principles. Utilibill has data centers around the world to ensure we can host our platform in the countries that our customers operate from.
“You can also engage a security consultancy to analyse your system security. They will find weaknesses and provide you with a report on how to resolve them. Cloud providers like Utilibill must adhere to PCI compliance (data storage requirements that must be followed by all companies accepting payment from customers via credit or debit card) and may be audited.
“If utilities can move beyond their security concerns, they are likely to enjoy an immediate return on investment by migrating to the cloud. This is driven from the reduced need for support and technical staff, reduction of disparate systems and their associated absorbed costs, and in many instances, moving from resource-intensive manual processes to highly automated ones.
“Our platform addresses a number of key issues that retailers are suffering from today, including data redundancy, failover and high availability, along with bandwidth that scales on our software defined network as required, to name a few.”
With high-quality, Australian-based customer support available at no extra cost, Utilibill is committed to providing exceptional services to utilities across the country.