Security
Cloudless not Clueless
The great buzz-word these days is the "cloud" and most email
software vendors try to entice you to use their wonderful, modern,
wizz-bang on-line service, presenting it as a benefit for YOU. We
take a different view (being on the inside of the industry) and know
that it's all designed to benefit THEM. Not only do you have to pay
monthly but you are also handcuffed to their system since your
database is now stored with them!
However, in this discussion we want to focus, not on the economics
of avoiding a cloud-based system (important as that may be), but on
the security issues. These are rarely discussed openly and it's only
when a scandal breaks out with Twitter or Facebook (or even a bank!)
that the subject hits the headlines.
Have you really thought about the implications for your business of using an online system? It's worth considering the following:
(By the way, in case we haven't made it clear, LinxMail is an on-premise solution - your contact data stays with you, without the risks of your data being internet-facing or "in the cloud"*.
What the experts say
Before getting caught up in all the hype of cloud computing it's worth doing a little research on the risks. For example, here's one of Microsoft's own security experts speaking in a conference promoting cloud computing, but cautioning again inappropriate use:
"Cloud computing
is not always the right solution. If you need to protect
your data
behind a firewall then the cloud may not be the answer."
Internal Microsoft Security Analyst speaking at
TechEd Australia, Gold Coast, Qld, August 2010
Clearly there are right applications for cloud computing (such as non-sensitive data) and wrong applications (such as confidential business records).
Here are some other issues raised in the same Microsoft conference:
- "Malicious insiders" - these are employees of the service provider, software house or data centre who see an opportunity to make money by selling your database. (In the case of financial services this is a considerable risk since identity theft is rampant. Just imagine what a malicious insider could do with your client's drivers licence, passport and bank account numbers!)
- Account or service hijacking - this is where your services can be intercepted remotely to allow theft of data.
- Sovereignty - this refers to where your data is physically located and the implications that this might have. For example many data centres are overseas. How does that affect your liability under the Privacy Act which has rules against the transfer of data overseas?
- Unsubscribing - if you cancel your service, how do you know for sure that your data has been deleted?
Similarly, when one of our Directors was visiting Microsoft Headquarters in Redmond, USA, a senior Microsoft executive (their Marketing Manager Small Business), was very clear in his warning: "Make sure you don't end up in jail. Customer details get out on the internet at an alarmingly high rate."
So why is the Cloud so heavily promoted?
Despite such risks, small business is constantly bombarded with offers of cloud services. Why is that? We hate to be cynical but, from inside the industry, we can say with certainly that the primary reasons are commercial:
- So that you have to keep on paying. If you stop paying, you no longer have access to the application or data so, once you start, it's almost impossible to go back, thus providing a very attractive income stream for the service provider.
- To keep you "sticky" - making it hard for you to move your business to an alternative provider.
To illustrate the above points, a Jan 2012 Microsoft newsletter to their reseller partners had an article entitled "Turn the cloud into your next Cash Cow!" and went on to recommend that they "Start milking this opportunity..."!
Protecting your independence
But it's not all about security in the usual sense. Keeping your database on-line can also be a threat to the very survival of your business in another way.
Can you imagine having a dispute with your service provider? Would they have the ability to cut you off from your database? There have been several cases where this has happened and it has presented a serious risk to the businesses affected. Even if you left them under good terms, can you guarantee that you will be given all your contact records and the templates you have begun to use? Can you rightfully argue that the data or templates are yours?
LinxMail helps you maintain your independence and respects your right to ownership of the data. You maintain control of your database and your templates. As you buy the software outright you can use it indefinitely without further cost if you wish.
What about off-site backups and remote access?
One of the few claimed advantages of on-line systems is that you don't need to backup your data - "it's all done for you". Another claimed advantage is that you can access it from anywhere.
LinxMail can give you both these features, and without the unnecessary risks. Our Help Desk can provide further information on how to create encrypted, off-site backups and how to access your data, securely, from anywhere in the world.
(Incidentally, another claimed benefit of cloud computing is a saving on hardware. This is true for large government and corporate users who require massive servers and then could just manage with desktop systems to access those remote servers. But, for small business users, they only generally user smaller computer systems anyway, so there is unlikely to be any significant savings to be made).
Forecast: Storms approaching
Based on the above-mentioned risks we believe that cloud computing is not the right choice for small business email marketers. Apart from the risks of your being cut off from your data due to a potential dispute with your service provider, there is the ever-increasing risk associated with list theft. We predict that this problem will get worse over time and some businesses may ultimately be held legally liable under privacy or similar legislation.
Compare the pair
In summary, here's a quick comparison of on-line, cloud-based systems compared with the on-premise LinxMail:
Risk |
On-line / Cloud* |
LinxMail |
Data Security |
Location often unknown. |
Location known. |
Business Interruption |
Can be switched off without notice. |
Purchase option guarantees supply. |
Costs |
You keep paying if you want access. |
Purchase outright at reasonable cost. |
Remote access |
Accessible from any internet PC. |
Accessible from any internet PC via private login or thin-client networking. |
Other |
Privacy legislation - potential liability. |
Under your control. |
So, on balance, if you choose an online service, all the risks are one-sided - on you. By contrast LinxMail gives you all the benefits and none of the risks - it's truly "cloudless" not "clueless".
Additional reading
You can find out much more about the risks of cloud computing by searching the internet. Here's a small selection of suggested additional reading. (Note most are third-party sites and may contain advertising):
Wall Street Journal: To Cloud or Not to Cloud
Australian Federal Govt: Computer security threats faced by small businesses in Australia
Other: Storm warning for cloud computing and some comparisons on security products and services.
There are additional resources on our main site at www.linxcrm.com/features/security.htm
*Technically some would define "cloud" systems and "on-line" (or web-based) systems differently, although the lines are blurring. "On-line" generally means a system which is located on a remote system and you (usually) know where it is located. This would be the case with a VPS (Virtual Private Server) hosted with your service provider. By contrast, a true "cloud" system is in an unknown location and may even be in various locations (ie. have shadow copies) around the world. However, for the purposes of this discussion they both present similar risks and are treated synonymously.