• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Blogs » Think Tank » Are Cloud Applications a Cybersecurity Threat?

Think Tank
Think Tank RSS FeedRSS

Are Cloud Applications a Cybersecurity Threat?

August 5, 2013
Robert J. Bowman, SupplyChainBrain

With that in mind, why would anyone want to exacerbate the situation by moving critical applications into the cloud? Aren't you just ramping up an already significant threat? Can you really trust your data with some distant server farm, which is storing the intelligence of countless other companies, including, in all likelihood, your fiercest competitors?

All right, so I'm somewhat overstating the case. Cloud technology has matured to the point where security isn't a crippling concern - no more, at least, than it is for software that sits behind a company's firewall. Nevertheless, if you're moving major apps to the cloud, there are steps you should be taking to ensure the stability of your organization.

It's not all about security. According to Matt Goche, director of information security consulting with Sungard Availability Services, there are three things you need to ensure when you're moving to the cloud: that your data remains highly available, secure and recoverable. Service disruptions might be rare, but even those of short duration can be devastating to a business.

Goche acknowledges the risks involved. He suggests three main ones to think about:

Failing to understand the security of your partner. Companies might start out by taking the baby step of deploying a dedicated private cloud, but the true economies of scale don't kick in until they embrace the public cloud, involving multiple vendors and services readily available on demand. That option, however, requires the presence of a third-party provider. You should be intimately familiar with its security procedures, how they overlap with yours, and the compliance standards being observed. You can't achieve that level of knowledge without a lot of pre-assessment work, says Goche.

Losing control of your data. The system and network administrator roles that you previously handled in-house are now being performed by an outsider. But accountability must remain within your organization. You need to know that the cloud provider is meeting the same expectations that you used to uphold internally. You need to clearly delineate how tasks are being apportioned between you and your partner. And you need a precise understanding of the chain of reporting, including the mechanism for responding to any problem.

Botching the execution. You've done your due diligence, selected your cloud provider, and designed a secure architecture so that no unauthorized parties have access to sensitive data. How, then, do you guard against degradation of the agreement over time? The parties can't be dropping the ball, for example, when it comes to understanding and enforcing patch management. (The regular downloading of patch applications is a key element of any cybersecurity initiative.)

Most important, says Goche, is the enforcement of a clear and consistent policy on incident response, with each party knowing its responsibilities and respecting clearly delineated lines of communication. Initial migration is only the first step in maintaining a successful cloud engagement.

Another big concern among potential users of cloud services is redundancy. No respectable provider would rely on a single server to store its customers' critical data, and many take care that multiple machines are hooked up to separate power sources. Still, I.T. managers might question whether their providers have adequately backed up both apps and data, in preparation for that inevitable moment when something goes wrong.

Goche recommends that companies approach the problem from another direction. Instead of worrying about how many servers are in play, think in terms of data availability, as spelled out in your service-level agreement.

"Make it more of a business question than an I.T. question," says Goche. "You build enough redundancy into your architecture to provide me with that solution. It drives you to your business goal of x-percent availability."

Security, of course, is as much a concern for on-premises systems as for those in the cloud. But Goche believes the cloud has the potential to make a company's data even more secure.

"Maybe your internal resources are falling behind on patch and logistics management," he notes. "Intensive, day-in and day-out services might be better handled by a cloud provider." A vendor with a large network operation is likely to be in a better position to detect intrusions than a medium-sized business lacking round-the-clock I.T. staff.

What's more, Goche says, migration to the cloud forces a company to come up with a detailed road map that can uncover gaps in resiliency or instances of I.T. overspending. (And, of course, it sharply reduces the cost of system upgrades. The point at which you're about to make a big capital expenditure on new software is probably the best time to be thinking about the cloud.)

Not everything is suited for the cloud. Certain highly customized applications, designed for subsets of an organization, might be better handled in-house. And site-specific applications such as warehouse-management systems have been slow to embrace the technology. But Goche believes - and companies are increasingly coming to agree - that the cloud is appropriate for most types of business software, as long as proper steps are taken to ensure data security, and the provider is fully validated.

The key word is vigilance. Says Goche: "Whether you're maintaining traditional I.T. processes in house, or moving to a private, public or hybrid cloud, I.T. security is a paramount issue for any company."

Comment on This Article


Keywords: supply chain, supply chain management, cloud supply chain, SaaS, supply chain planning, supply chain systems, supply chain risk management

Cloud & On-Demand Systems Supply Chain Finance & Revenue Management Inventory Planning/ Optimization Supply Chain Planning & Optimization Supply Chain Visibility Technology Business Strategy Alignment Global Supply Chain Management Supply Chain Security & Risk Mgmt High-Tech/Electronics

RELATED CONTENT

RELATED VIDEOS

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • DOCUMENTS BEARING THE INSIGNIA OF US CUSTOMS AND BORDER PROTECTION LIE ON A TABLE

    New CBP Regs Call for Greater Diligence by Brokers in Reporting Security Breaches

    Freight Forwarding/Customs Brokerage
  • A WORKER IN A WAREHOUSE, SUPERIMPOSED WITH GRAPHICS SHOWING SUPPLY NETWORK

    Enabling Intelligent Visibility With Supply Chain Analytics

    Data Management (Big Data/IoT/Blockchain)
  • A HAND TURNS A LARGE, LIGHTED DIAL WITH THE WORD RISK ON IT iStock-NicoElNino-1364371014.jpg

    Measuring KPIs and KRIs for Comprehensive Supplier Performance Management

    Technology
  • GSCMS-Promo.png

    Watch: Introducing the Global Supply Chain Marketing Summit

    Education & Professional Development
  • DEEPLY CRACKED EARTH UNDER A BLUE CLOUDY SKY

    Why Maritime Supply Chains Must Adapt to Sustainability Regulations

    Ocean Transportation

Digital Edition

Scb nov 2022 sm

2022 Supply Chain Innovator of the Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Honeywell Intelligrated IFM
Infor Inmar Keelvar
Kinaxis Korber Lean Solutions Group 2H
Liberty SBF Locus Robotics Logility
LogistiVIEW Lucas Systems MCA Connect
MPO Nvidia Old Dominion
OpenText ORTEC Overhaul
Parsyl PMMI QIMA
Redwood Logistics Ryder E-commerce by Whiplash Saddle Creek Logistics
Schneider Dedicated Setlog Holding AG Ship4WD
Shipwell Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing