There is a debate amongst IT security experts around the world about the security implications of running applications and exchanging data in the cloud. This question becomes even more complex when you add to the mix companies that have operations in the European Union (EU) as well in North America. Not only must these companies consider the legal ramifications of sharing data in the cloud, but the cultural differences that define Europeans and North Americans sensibilities about data privacy can be formidable.
North American companies are moving much of their former data center operations, from basic storage and disaster recovery to running company-wide applications, to the cloud. It is not uncommon for companies to outsource much of their operations to managed services providers (MSPs). Often productivity applications such as Office 365 and email are moved to the cloud to reduce capital expenditures and transfer the operations and security tasks to MSPs that have staffs with potentially greater expertise in IT.
In fact, Office 365 is becoming even more of an enterprise product. At its annual Convergence EMEA conference in Barcelona in November, Microsoft added Skype Meeting Broadcast and other voice/meeting offerings to the product, along with analytics and data visualization, and advanced security and compliance. In a study Forrester Consulting found widespread recognition of the importance of digital transformation in their organizations, and the need to dramatically reshape their business around customer outcomes and desires. The innovations Microsoft announced in Barcelona are aimed at helping businesses achieve this by igniting entirely new ways to collaborate and intelligently engage with customers, the company said.
In Europe, the laws concerning personal privacy are significantly stronger and thus companies are more limited in utilizing cloud servers over which they have no control. Twentieth Century European history is awash with totalitarian governments that used personally identifiable information against its citizenry. As a result, Europeans today cherish their privacy, while dismissing what they see as the North American fascination with trading privacy and security for ease of use and outsourcing. While US laws often favor corporate operations and governmental access to data over personal privacy, Europe is far aggressive in protecting personal privacy over corporate convenience.
Consider, for example, an SMB in North America that does business in a regulated industry such as healthcare, retail or consumer credit. The size of the company is not material when dealing with regulated data; big and small companies need to comply with governmental and industry regulations.
Smaller companies, however, generally have fewer resources available so they need to depend more on their business partners for infrastructure and security services. Cloud providers today can offer SMBs a range of services they might otherwise not be able to afford on their own, such as security information and event management (SIEM) capacities, email encryption, and the ability to send and receive large files. Additionally, companies of all sizes need to be aware of emerging threats and have strategies to defend against them. This includes more than just the requisite antispam, antimalware and antivirus capabilities; it includes the ability to identify and defend against zero-day attacks, targeted attacks and vulnerabilities that permit insiders to leak confidential data accidentally.
In fact, there are numerous point products that can provide greater security for corporate data that are available from a variety of vendors. The challenge for the SMB, regardless of where the company is located, is to identify the products they need, identify their new staffing and training requirements, hire the appropriate technical and management personnel, and, of course, to obtain the requisite hardware and software, along with the appropriate consulting services. Put bluntly, SMBs need the same security capabilities large companies need to meet security and compliance requirements yet they often have neither the funding nor management capabilities to meet those needs.
But not everyone sees the cloud the same way, says Phil Wainewright, volunteer chair of EuroCloud UK and a co-founder of EuroCloud writing for the web site diginomica. Wainewright writes: “Since the launch of its first cloud strategy in 2012, the European Commission’s approach has been to break down barriers to cloud adoption across Europe. But if your chosen tool is policy making, then it’s natural that the solution to every problem seems to be to nail a policy to it. A lack of standardization has been seen as the main obstacle to cloud adoption, and therefore the focus has been on a single data protection regulation and on building a common framework of cloud standards.”
This is where a managed services provider or perhaps a managed security services provider can spell the difference between corporate success and dangerous data leaks, especially when it comes to ubiquitous but none-the-less mission-critical applications such as office productivity and email applications. It does not matter on which side of the Atlantic the company does business; MSPs and MSSPs provide essential services to SMBs.
The wide range of services required by SMBs, be they in North America or Europe, include spam and virus protection, email encryption and archiving, mail relay clustering and data leak prevention. MSPs can add a centralized management platform, multiple deployment options, 24/7 live technical support, granular reporting, and a variety of whitelabing and pricing options. In and of themselves, these features are not unique. However, finding a provider that offers all of these integrated into a world-class offering such as CYBONET’s product portfolio, does give companies and providers alike a plethora of options.