Cloud vs On-Premise – Do cloud IT systems make commercial sense?
A lot of businesses have computer systems in their offices to run CRM/management software, share files or handle email. Many businesses may have looked at migrating to the cloud. Cloud systems offer benefits such as being available from anywhere, and they also take away the need to manage your own computer systems. But is cloud a risk? Well, yes it is, but in many cases cloud systems are no more, and sometimes much less, risky than your on-premises computer system.
In this post, and the five that follow, we will review some commonly used cloud systems and compare them with on-premises systems and evaluate the risk of each. In my personal view, I think cloud systems are better in many contexts, but the central premise of this set of posts is to make the point that both cloud and on-premise have risks. You should evaluate the risks on both sides when looking at going to the cloud.
Before we get under way, I should disclose a bias. I am a big fan of cloud services. The convenience of having information at your fingertips is simply too attractive. I constantly demonstrate to friends and colleagues how I can write on a tablet and have my writing magically appear on my desktop and on my phone at the same time. The accessibility that cloud services provide can lead to a great increase in productivity. Cloud services do pose unique challenges, data sovereignty and data security being but two. However, cloud services have evolved significantly over the last five years, to say nothing of the last 10 to 15 years. In my view, there are many contexts where using cloud services for data storage should now be considered best practice in business.
Thus endeth my declaration of bias.
What We Will Cover
In this first article we’ll give a broad overview of what lies ahead.
First, I want to discuss key categories against which we should evaluate our IT systems. Then I’ll discuss how I’ll approach the analysis.
The concerns around cloud computing can be grouped into four main categories:
- Governance;
- Data confidentiality;
- Data security; and
- Data resilience.
We can break ‘Governance’ down into two main issues: data sovereignty and the law that governs the cloud service. By data sovereignty I mean the location of your data. Cloud data can be stored in many different countries, each country with its own set of data protection laws, if a country has data protection laws at all. Ideally, we want our data located in Australia so that our data is protected by Australian law. If nothing else, Australian law is a known quantity.
Many cloud services are not located in Australia. When we sign up for these services, we usually agree that our contract will be governed by the laws of a foreign country, in many cases the US. Foreign jurisdiction clauses can make disputes that arise with a service more complex and expensive (or practically impossible!) to manage. Ideally, we’d want governing jurisdiction clauses to refer to Australian law.
Data confidentiality is also an issue. Some of us may deal with sensitive client data and we want to strictly control access to that data. Confidentiality stems from the risk of third-party access to data but extends past this because, as we shall see, third parties always have access to our data regardless of whether it is in the cloud or on-premise. The confidentiality issue becomes a question of regulating third-party access to a degree that is satisfactory for your business.
Data security is self-explanatory and has long been a concern of those looking to migrate to the cloud. As will be demonstrated, data security is also a significant issue with on-premises systems.
Data resilience covers several aspects, the most obvious being availability of data (i.e. how often a service crashes). Less obvious are issues around incident management and data portability, data portability being the ability to extract data out of a cloud service if desired.
The aim of my analysis is to apply these categories to the practical context of cloud services commonly used in business. To that end, I have decided to analyse these categories against a set of popular cloud services and also against an on-premises context. The cloud services to be analysed are:
It is worth stating that there are many other cloud services, large and small, that are available to businesses. Xero and Calendly come to mind. My intention is to focus on the more prominent services that many businesses consider adopting or have already adopted. It is also worth stating that this analysis is not a substitute for performing your own due diligence!
Having stated all that, it’s time to move on. In the next article we will look at governance issues and how these apply to our candidate cloud systems and to a typical on-premises system.
For more information and expert advice, ask to speak to Mark Ferraretto at Ezra Legal on (08) 8231 6100 or email email@example.com
Solicitor – Information Technology & Data Privacy