This article looks at two of the hottest topics in technology today – social software and cloud computing – and asks whether cloud-based social software is inherently risky for enterprises looking to take advantage of the new wave of technology innovation or whether it is possible to have your cake and eat it.
In the last five or so years, enterprise social collaboration software and cloud computing have both transitioned from the fringes of corporate IT policy to become serious business priorities.
The benefits of cloud computing and software as a service in particular are generally well accepted and represent an effective way for organisations to reduce the costs associated with running their own data centres and developing applications in-house.
In addition, the adoption of enterprise social tools is increasingly seen as an effective way of improving workforce productivity, communication and knowledge sharing both internally and externally. This is often characterised simplistically as “Facebook for the enterprise” and usually involves some combination of secure file sharing, blogs, wikis, microblogs, task management, people profiles and activity streams.
Software as a service providers like Salesforce and Google have paved the way for organisations to embrace the cloud as an alternative to developing and hosting traditional enterprise software on-premise. The cloud offers cheap, scalable computing resources and software on demand without the need for companies to build out their own data centres or develop their own applications.
In theory then, enterprise social software hosted in the cloud should be the perfect combination of two of the hottest technology trends and give organisations immediate access to the latest wave of innovative software with no development resources or capital outlay necessary.
But is the cloud secure?
In reality, the problem for a lot of organisations comes when it’s time to actually move their software and data to the cloud. There is often resistance at senior levels and a concern around the security of data hosted outside of their network.
Much of the concern around security is born out of misconceptions about the cloud and software as a service in general. There is often an assumption made that cloud providers are less secure than hosting in-house in your own data centre. There are of course various types of cloud services and not all of them are targeted at the enterprise.
Consumer-grade services like Dropbox or iCloud are probably not the best places to store your sensitive corporate data but at the other end of the spectrum there are specialist providers who build enterprise-grade services specifically for those industries where security and control are paramount, such as the legal, banking, life sciences and government sectors.
These specialist providers often have their own private clouds and do not rely on public cloud providers like Amazon or Microsoft for hosting. They are advanced technology companies and their businesses depend on running secure and dependable services for high-value clients. Their clients will audit them and require proof that their systems and services are secure via software penetration tests and adherence to information and security standards such as SAS 70 Type II or ISO 27001.
A law firm, bank or corporation is not primarily focused or dependent on providing a state-of-the-art technology platform, whereas a cloud provider is only able to stay in business if it has the trust of its clients, and it can only do that by maintaining a robust, reliable and secure service. So it stands to reason that, in order to win clients and then keep them, a specialist cloud provider must have security measures in place that are at least as good as, if not far better than, those of the vast majority of organisations.
Does social mean insecure?
The second thread of resistance to the implementation of cloud-based social software is to the very concept of “social” itself. There is a common belief that “social” cannot be secure because it is based on the concepts of openness and sharing. It is also often perceived as a time-wasting activity with no business benefit.
This couldn’t be further from the truth. The best enterprise-grade social tools have robust and advanced controls that enable you to share information and collaborate with other specified users inside and outside of the organisation in a secure way. You choose exactly who to share your information with and it can be as open or as closed as you like depending on what you are sharing and who you are collaborating with. Users can be given various levels of privilege and access, from full administrator rights to a read-only view on an individual content item.
What “social” really means is emphasising people and connections rather than just data. Being able to see who authored or shared a piece of content can be as valuable as the content itself. Enterprise social software is about enhancing communication, collaboration, and knowledge sharing. It enables users to make the connections and have a peripheral vision of the work going on around them with their colleagues, partners and clients internally and externally so that they can be more effective and productive.
So, I can have my cake and eat it!
Yes you can. Cloud-based social software is no less secure than a document management system, email or talking to someone by the water cooler but it can be a lot more effective at capturing, storing and then quickly redistributing information to the parts of the business where it is needed the most. Not all information in an organisation can be shared openly but in an enterprise-grade social system you have the opportunity to do so when it’s appropriate and keep it locked down and secure when it isn’t.
Social software and the cloud are like anything else: you need to look at all of the options and choose wisely. Do your due diligence, ask the difficult questions, speak to existing clients of the provider and ask them why they chose that solution. If you’re not comfortable with hosting your data in one of the big, public cloud platforms, look for a smaller, more specialist provider. You will probably get a more personalised service and solutions tailored to your industry or use case.
But remember, whilst there is nothing inherently insecure or risky about software as a service or social tools in comparison to traditional solutions, they can still be poorly implemented, abused and suffer from a lack of governance. However, if you choose the right cloud solution and implement it well it can lead to significant cost reductions, gains in efficiency, much more flexibility and access to cutting-edge technology that would otherwise take years to implement.
Below are the accompanying slides that I presented at the Infosecurity Europe 2012 press conference on 18th January 2012.