Most business software you use now is cloud-based, which means the data housed inside of those platforms are at risk in some way. This can certainly create obstacles when it comes to mitigating or minimizing risk in an organization concerned with data security. While cloud-based software applications can indeed make your job (and the jobs of others) easier, there are definitely some challenges in moving to the cloud, and they’re increasing.

Privacy

The European Union has strict privacy laws, and California is considering following their lead.  Many companies in the cloud still do not have the correct processes and procedures to be able to comply with these laws.  For example, if an EU citizen asks you what happened to his data from the form he filled out on your website, you must answer him quickly – or face potential fines.  These regulations are enforced in the US through cross border trade agreements.  Canada has anti-spam laws (CASL) that are very severe and can similarly be enforced in the US.

Choosing GDPR-compliant software vendors can help you avoid large fines and even prison. The simple way to find out if your software vendors are complaint is to ask these six questions to each and every one of them.

Security

Go to have I been pwned and type in your email address.  You may find you have had your personal information stolen from several websites.  Are you reusing any of those old passwords?  Then you might as well not have a password.  Ditto if you are reusing patterns in your passwords from one of those sites.

Does your new cloud vendor have sufficient protections in place to prevent your employees from getting hacked?  Is two factor authentication available, for example? Is your vendor protecting your privacy? These are all valuable questions for which you need to make sure you have answers before you select a new vendor.

Everyone from the NSA to the IRS to Target and Home Depot has been hacked.  It is a constant arms race between the good guys and the bad guys.

If you have your product installed within the walls of your company and you don’t let people outside the firm use it, including people working from home, then it may be the case that you are at less risk than if you were using the same software in the cloud.

Legal risks

Many vendors in the cloud essentially insert terms in their contract that put you on the hook for mistakes they might make.  For example, I recently reviewed one vendor contract that essentially said if they lost all our data and it got sold on the dark web, resulting in lawsuits, we would have to pay for the lawsuits, even though it was them who lost the data.

If you’re considering cloud-based software, always review their terms and conditions and agreements carefully to make sure you won’t get caught out if the worst were to happen. Not only must you ensure that the data you put into the software will be kept secure so a situation like I described above doesn’t happen, but you must protect your organization’s interests as well.

Costs

Have you ever been in a situation where your software vendor raised your prices exorbitantly, but didn’t give you any other choice in the matter? You’re stuck either paying it, or having to find a new solution – and both of these can have a negative impact on the organization. One way to avoid this problem is to employ a multiyear contract with the vendor.

Hidden costs show up frequently in areas like disk space usage, bandwidth fees or other items that were not clear early in the usage of the product – but can become a problem later.  Be sure to ask your salesperson about such fees.

Integration

If your software systems are working together and syncing up with one another, your processes will be dramatically streamlined – making jobs exponentially easier (and saving the organization money). So, you want to make sure your cloud software systems have easy integration capabilities.

Look for vendors that have a robust API, because they probably aren’t going to let your systems talk to the database directly.  You could also engage the vendor to set up the integrations you need for you.

There are many benefits to moving to the cloud.  With the right vendor, all the problems mentioned above will be working better in the cloud than they would if you created your own solution.   Your upfront costs will be low, you only pay for what you use, you get the benefit of future enhancements for free, and adoption is often higher. However, with anything in life, it’s always a good thing to weigh the benefits and the risks. Stay safe out there!