The Concerns about Cloud Services for Social Collaboration

By David F. Carr

For social collaboration, you have to decide whether the cloud service can be trusted to host important business conversations, documents, and project planning tools. What would happen if a competitor got access to those resources? You don’t want to find out. Make sure the service you choose provides at least the same level of security you would expect from e-mail, making it safe to share routine business discussions. If there are some sorts of information you do not want to trust to the cloud platform — for example, if contract negotiations are ruled out of bounds — you will have to address those issues with corporate policy.

You should also investigate how the cloud platform integrates with other applications, including on-premises applications, to make sure you will not be creating an island of collaboration isolated from the rest of your business.

Key security practices

Application security deserves some extra scrutiny. There are several dimensions to the security of a web application:

  • Protection of data in transit: This usually involves using the same encrypted version of the web’s HTTP protocol used for consumer credit card transactions. Your browser displays a closed padlock icon when this is active, assuring that data you send to the web server cannot be intercepted — at least not easily.

  • Protection of data at rest: Measures are taken to protect your data in whatever form it is stored in the cloud data center. For maximum security, data can be stored as well as transmitted in an encrypted format so that only an authorized user can decode it.

  • Authentication security for identifying authorized users: This measure includes minimum standards for passwords and the security of password reset mechanisms that can be subject to abuse by hackers.

  • Data center security: This includes building access control, limits on physical access to cloud servers, and process controls governing the behavior of server and storage administrators.

Verify service provider security and reliability

Some conservative corporate IT departments believe that if they’re going to trust their data to the cloud, they want to see independent evidence that it will be safe there. How you approach this depends, to some extent, on the size, clout, and attitude of your business.

When a cloud service fails or is breached, it’s news, partly because it doesn’t happen that often. As with the safety record of commercial airplanes versus passenger cars, cloud services are safer on average, but when they fail, they can fail spectacularly.

Any service that can provide instant activation over the web can represent itself as a cloud service even though it could be running on a rusty server under someone’s desk. If you’re going to try something brand new, more “trust, but verify” will be required.

Integrate existing resources

The most technically sophisticated aspects of working with cloud services are related to integration, particularly integration with on-premises resources such as a corporate directory server. Most collaboration products, including those hosted in the cloud, offer some sort of integration or synchronization with Microsoft Active Directory (AD), which is the most widely used repository of network account information for corporate employees. Particularly in large organizations, it’s important to have an automated way of activating new accounts on the collaboration network when employees join the organization and deactivating them when employees leave.

IT personnel may also play a role in integrating other applications with the collaboration network, or even creating custom applications that integrate with it in some way.
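The account activation and deactivation described above comes down to a reconciliation between the directory and the collaboration service. The following Python sketch is an added example, not code from the article or from any product: the record shapes, names, and sample data are constructed for illustration, and only the `userAccountControl` disabled bit (0x0002) is an actual Active Directory convention.

```python
# Reconcile collaboration-service accounts against a directory export.
# Added example: the record formats below are assumptions, not a vendor API.

ACCOUNTDISABLE = 0x0002  # AD userAccountControl bit marking a disabled account


def normalize(address):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return address.strip().lower()


def reconcile(directory_users, cloud_accounts):
    """Return (to_activate, to_deactivate) as sorted lists of addresses.

    directory_users: dicts with 'mail' and 'userAccountControl' (assumed export).
    cloud_accounts: dicts with 'email' and 'active' (hypothetical service list).
    """
    enabled = set()
    for user in directory_users:
        mail = user.get("mail")
        if not mail:
            continue  # entries without a mailbox are out of scope
        if int(user["userAccountControl"]) & ACCOUNTDISABLE:
            continue  # leavers are normally disabled before being deleted
        enabled.add(normalize(mail))

    # Fail closed: an empty or broken export must not deactivate everyone.
    if not enabled:
        raise ValueError("directory export has no enabled users; refusing to sync")

    active = {normalize(a["email"]) for a in cloud_accounts if a["active"]}
    return sorted(enabled - active), sorted(active - enabled)


# Constructed sample data (512 = normal account, 514 = 512 | ACCOUNTDISABLE).
DIRECTORY = [
    {"mail": "Ana.Ruiz@example.com", "userAccountControl": 512},
    {"mail": "b.chen@example.com", "userAccountControl": 514},    # has left
    {"mail": "new.hire@example.com", "userAccountControl": 512},  # just joined
    {"mail": None, "userAccountControl": 512},
]
CLOUD = [
    {"email": "ana.ruiz@example.com", "active": True},
    {"email": "b.chen@example.com", "active": True},       # still active: orphan
    {"email": "contractor@example.com", "active": True},   # unknown to directory
    {"email": "old.user@example.com", "active": False},
]

if __name__ == "__main__":
    to_activate, to_deactivate = reconcile(DIRECTORY, CLOUD)
    print("activate:  ", to_activate)
    print("deactivate:", to_deactivate)
```

The deactivation list is the security-relevant output: it surfaces accounts that remain usable on the cloud service after the directory no longer vouches for them.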

Comply with regulations

Industry regulation can complicate or even prohibit the use of social collaboration in the cloud. Consider the U.S. Health Insurance Portability and Accountability Act (HIPAA) and its provisions for patient privacy. Even though patient records per se probably wouldn’t be stored in the collaboration system, any conversation between healthcare professionals about a patient’s health can be considered patient data. That means for it to be stored anywhere outside of a healthcare facility, it would have to be encrypted, not just in transit but on the server hard drive or other storage system.

If a cloud collaboration service does not meet these requirements, that doesn’t necessarily mean you can’t use it at all, only that you can’t use it for certain business functions or types of data. A hospital may use a cloud service in the marketing department, but not for use by physicians or nurses, at least not when discussing specific patients.

The European Union’s Data Protection Directive also complicates the use of cloud services because it discourages the storage of personally identifying information outside of Europe. European firms tend to be particularly leery of storing data in the United States, worrying that it can be subject to access by law enforcement under the USA PATRIOT Act. If the cloud service has data center operators in Europe, European firms may be able to negotiate terms that their data will be stored only there.

Achieve integration across a firewall

By definition, cloud collaboration services operate outside corporate firewalls. When the data or documents employees most want to collaborate on remain inside a firewall, that presents a potential problem. If a copy of the data is placed on the cloud service and the data happens to be sensitive, you have a security breach. Alternatively, if a collaborator posts a link to the location of that resource inside the corporate network, home office and traveling workers can’t access it unless they log in via virtual private networking (VPN) software. Not impossible, but awkward.

Some of the more interesting scenarios for using social collaboration in conjunction with other business applications also become more complicated if the collaboration service is in the cloud but the target applications are on the private network.

A cloud enthusiast’s answer may be to move more and more applications to the cloud until traversing the firewall becomes a nonissue. Another strategy is to use an integration appliance, such as Dell Boomi, designed specifically to bridge cloud and on-premises applications.