by Scott Lewis
Part 3 of 3
Telecommunications is another area that can be confusing to clients. Customers need a product or service; they contact their technology provider; and the technology provider makes a couple of recommendations to the client, who picks a service based on a multitude of factors. Those factors could be items such as speed, price or installation costs.
Now the question is: Who is liable for the service if the client is unhappy with the product? Unlike the manufacturing process, in which a specific manufacturer is purchasing the raw materials and then either building a product in house or assembling the product on site, in the technology arena, when the end product is something such as software, hardware or telecommunications, those contracts with the client are held by the actual manufacturers, such as Microsoft, Verizon or Dell.
Although the client might feel that the technology provider is responsible because of the recommendation made to the client, in actuality, because of risk transference and the fragmentation of the technology industry coupled with the fact that the customer signed an agreement specifically with the manufacturer of the product, the liability for the performance of said product remains with the manufacturer. It is situations like this that create confusion and a lot of frustration among customers throughout the technology arena and why cyber-insurance is important, as is risk transference, as part of your ongoing security management strategy.
Now let’s take a little closer look at the strategy of cloud computing and how risk transference applies when it comes to cloud computing.
Cloud computing has been around for decades. It has gone through a few name changes over time; prior names included centralized computing and mainframe computing. As cloud computing has become mainstream, three basic types have emerged – public, private and hybrid – and each has its own pluses and minuses when it comes to risk.
When it comes to cloud-based computing, let’s face the reality of the world. If you think cloud-based providers are going to be liable for your data, you’re wrong, regardless of which provider you pick: Azure, XpressHost, Amazon, Google or one of the multitude of others. They have become experts at limiting or eliminating their risk and liability to your systems and data.
We all use terms like “privacy statements,” “auditing,” “compliance,” “security” and “liability.” What does all that mean when it comes to risk? Risk transference. And it has been transferred back to you!
I know that for some of you I just popped your bubble; however, the silver lining is that in most cases, even though your recoverable damages are going to be limited at best, the security that most tier-four cloud providers have exceeds anything that you would have most likely installed at your business on your own. So you can now take that deep breath again.
We have discussed a lot about risk, but the question to still be asked is: What are some of the biggest risks to your business and your data?
The truth of the matter is that the biggest threats to your business and your data are your own employees, more so the disgruntled employee, but just because an employee is disgruntled doesn’t mean he or she doesn’t still work for you.
Exactly where are your employees storing your data? That Dropbox account you don’t know about? Those flash drives they carry in their pockets? Those outside email accounts they have for personal use? These are services and tools that both disgruntled and simply misinformed employees use that put your organization at risk.
Mobility. We want it! We love it! We must have it! It is also one of the biggest risks your business can face. All those smartphones, iPads and tablets carry data and corporate information within them. “Don’t worry – I have a password.” Do you really think I need your password to highjack your phone? And you are at greater risk if you have a policy around BYOD (bring your own device) and are allowing your employees to manage your corporate information on devices you don’t own.
One of the newest and greatest threats to your business related to a mobility strategy is that most smart devices will now connect through some kind of VPN or tunnel and the people who write Trojans, malware and ransomware are now taking advantage of these devices to infect corporate networks. As part of your security awareness program, you must take into account mobility and put in place countermeasures that protect not only the mobile device but the backside corporate network as well.
Going back to the popularity of cloud applications, they are also one of the biggest risks you face. Cloud applications are all the rage, easy to use and maintained by the software company. You just pay a fee and use the software. This is a great idea! And it is! However, do your research and talk with your vendor about encryption of the data. As a cloud provider and cloud applications provider, I want you to embrace cloud-based systems. However, make sure that you are protected and that your vendor is using some kind of high-level encryption to protect your sensitive data.
I have always said that if you had a systems breach by someone who knew what he or she was doing, you would never know it until you saw it on the news or read about it online. With all good intentions, we feel we are doing the right things – we have firewalls, we have passwords and we have web filters, warm and fuzzy all. However, in today’s world, with an ever-increasing demand for cloud computing, which is creating tremendous data fragmentation issues for corporations; mobility; and instant communication, we often forget to re-evaluate how we manage risk, including what kinds of insurance and risk transference protections we have in place.
Risk management and mitigation is a career path all its own. It is something that must take place at the senior corporate level, not with the IT guy in his little office in the basement. Security and risk management are worthy of your time, effort and budget and should be part of your overall business management practice.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies, which specializes in the selection, implementation, management and support of technology resources. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker on technology subjects such as collocation, security, CIO-level management, data and voice communications, and best practices related to the management of technology resources. For more information, visit www.winningtech.com or call 877-379-8279.
Submitted 8 years 360 days ago