Data Security and Access Control: Can You Do It On Your Own?

September 2015

If you have data, and everyone does, you have to be concerned about access – both enabling access to those who need the data and restricting access for those who do not. Traditionally, this access control is the responsibility of the IT department and they are continually challenged with increasing user needs and external threats.

Although it may at first sound counterintuitive, security and access control are much stronger and more reliable when delegated to a cloud services supplier.

Most companies and their IT departments are justifiably proud of the fine job they do in managing security and access control. A great deal of money and effort must be dedicated to effective management of these tasks and constant vigilance is required to maintain the controls and keep the data safe. But there are always new challenges emerging every day and, frankly, resources are limited. It’s getting hard and harder to stay ahead of the impending threats.

A manufacturing company must redirect critical resources to work on access and security controls, resources that might be better employed in support of user needs – helping users understand the functions provided by their software and introducing them to tools and techniques that help get value from the data and information in the systems. When security and system management are outsourced to a cloud services provider, those internal resources can be applied to more directly valuable activities.

The cloud services provider specializes in access and security control – it is a key part of their mainline business and a major “core competence.” Cloud providers and their customers benefit from economies of scale – the investment in security and access control is for the benefit of, and is funded by, a large number of user clients. Smaller companies, as clients of the cloud provider, are beneficiaries of a larger investment in security and system management than any one company could afford or successfully accomplish. The costs are built into the monthly subscription fees and amortized across the entire population of client companies.

Beyond data access and security, cloud service providers maintain industrial strength physical security, redundancy (failure prevention), hot-site availability (failure recovery), off-site back-up, and more—all of the things that every company should be doing to protect its systems of record. It’s simply no longer feasible or affordable to “do it right” if you are doing it all on your own.

While many companies continue to manage systems, access and security in-house, and nearly all are justifiably proud of their effectiveness, any one of them would admit, in a moment of candor, that there’s more that could and should be done. The cloud alternative offers an opportunity to engage an army of security and access specialists in the defense of critical company data at an operational expense that is surprisingly affordable.

Is your company still “going it alone” on security and access controls? How confident are you that your systems are safe from unwanted intrusion or interference? If you could double your IT budget, what additional controls and facilities would you add for data security? Are these things that your cloud provider includes in its offering?