“Cloud Computing: Key Trends and Future Effects,” a study recently published by IDG Enterprise, highlights that, though cloud hosting and computing programs (including IaaS and SaaS) are growing in popularity, data security concerns remain a top concern among technology decision makers.
For IT consultants responsible for recommending software and infrastructure to their clients, the study’s findings are instructive and reinforce the importance of maintaining proper risk management procedures. Here’s a look at the details of the study and what it teaches IT consultants about protecting their business.
Cloud Computing Concerns Abound, Despite the Cloud’s Popularity
The overarching narrative of the IDG study is that business leaders both recognize the utility and benefits of migrating certain systems to the cloud and fear the damage that could happen if their cloud-stored data were breached or hacked:
- More than half of businesses surveyed (61%) already rely on cloud databases for at least one business application.
- Nearly half (49%) recognize that cloud computing has the potential to transform the way they run their businesses.
- One of the top three concerns (shared by 38% of business leaders) regarding SaaS platforms is the security of the cloud provider.
And though a majority of firms are already using the cloud for at least some business practices (with the remainder planning to adopt cloud functions in the next three years), most of those businesses are currently choosing the cloud for less-sensitive data: conferencing and messaging are among the most popular functions to move to the cloud. Human resources and security management are among the least. (Read more about cloud security in "Data Security in the Cloud: Concerns for IT Firms with Legal Clients.")
Cloud Security Tips for IT Consultants
So how can IT consultants meet their clients’ desire to add cloud computing applications to their businesses while limiting the risks they expose themselves to? Before I answer that question, let me review how recommending cloud services to a client can expose you to liability.
As a consultant, you offer IT and technology guidance to businesses that may not have an in-house expert in your field. Just as a toy manufacturer can be held liable for a product that causes a child to choke, service professionals can be held liable when their advice causes their clients to lose money or suffer reputational damage.
So if you recommend cloud-based software for a client’s HR system and that software gets hacked, you could be liable for the costs of the resulting data breach – and trust me, those can be significant (the average cost of a data breach in 2012 was $5.4 million).
Luckily, there are ways IT consultants can manage the risks they face when advising clients, whether or not they suggest adopting a cloud computing system. These include:
- Using contracts religiously. Establish from the beginning of professional relationships what everyone is expecting. With a legally binding contract in place, it’s harder for a dissatisfied client to take you to court over perceived errors and omissions on your part.
- Keeping lines of communication open. Checking in regularly with clients goes a long way toward avoiding catastrophes. Even if everything’s on schedule, it’s a good idea to make time to update your clients about your progress. Regular conversations give you a chance to identify any potential problems (e.g., employees who aren’t updating their antivirus software regularly) before they cause damage.
- Maintaining an Errors & Omissions Insurance policy. Even the most careful IT consultants can be slapped with a lawsuit. When it happens to you, you can rest assured that your business assets are protected when you have an Errors & Omissions Insurance policy in force to cover the court costs of defending yourself and possibly paying settlements or damages.
Read more about how cloud computing affects your cyber liability in "What Cloud Computign Means for Cyber Liability."