The cloud is a remote server on the internet that stores, manages and processes data, rather than a local server or PC. There are many services available to manage different aspects of your practice in the cloud. These services can be sold separately or in bundles. Services such as email, file sharing, data storage, client web portals, and telephony/communications are available. Consider the following issues when looking at moving any of your services to the cloud to ensure that you will have the security that you require.
Services
To adequately utilise these services, some investigation into the cloud provider is required.
- To what extent does the cloud provider guarantee the cloud service will be available? Often a Service Level Agreement – an agreement between the service provider and the customer regarding the level of service expected from the provider – will set a limit on ‘down-time’.
- Are your services kept in a manner that prevents unauthorised access? Matters like Safe harbour concerns can be mitigated with dedicated country hosting.
- Does the provider supply reporting on services and disruptions to better manage business continuity?
- Are you aware of all costs associated with the platform? These issues include licensing, subscriptions and administration costs.
Operability
It is important to ensure that your new cloud system does not expose your current system to dangers or impede its operation.
- Does the cloud service securely connect and operate with your existing services?
- Is the cloud service convenient and able to be used by staff when required?
- Does it add a level of value and security to your practice?
Protection
Cyber protection should be an inherent feature of your cloud service.
- Is the provider up to date with current security concerns?
- Does the service lend itself to insecurity, such as being connected to your mobile (which may not be secure)? Can this be mitigated?
- Is there robust protection against attacks and does the provider offer data redundancy?
- Does it improve your practice’s security level or does it increase it?
Implementation and maintenance
Keeping the cloud system up-to-date and properly maintained is an essential part of an overall security plan.
- Do you require services setup on your behalf or is it easy to install and use?
- Can it be maintained by you or by an advisor you trust?
- Who can you call for tech support if you need it?