Address the Risks of Transitioning to Cloud Based Services

As more of the business world considers transitioning from on-premise to Platform as a Service (PaaS) and Software as a Service (SaaS) solutions, important security issues are coming to light. Unsurprisingly, the technology is advancing faster than these questions are being answered. That leaves CIOs, IT departments, and Security Specialists facing a conundrum.

Earlier this month, at the fourteenth annual Philadelphia Premier CIO Forum, leading CIOs and senior IT executives, in conjunction with the Executive Advisory Council, met to gain insights and practical solutions to business challenges.

Our CIO, Ron Fijalkowski, joined a panel discussion with Chris Shull, CIO Engagement Partner with Tatum, and Syd Weinstein, COO & CTO of PeopleMetrics. The panel was hosted by George Sullivan, CIO at Delaware County Community College.

The panel discussion aimed to help alleviate some of the confusion and concern regarding cloud-based security. Our CIO provided guidance in resolving the issues cloud solutions raise, based on industry best practices and his experience with SDI clients.

Extending Services Without Extending Liabilities

Any time an organization extends service offerings into the cloud, there are associated risks. The organization may have little or no control over data once it goes beyond its physical walls. Understanding this reality is key to addressing issues before they become problems. Some questions that organizations need to consider are:

  • Will moving data and services to offsite backups increase the potential for unauthorized access or security breaches?
  • Are email addresses considered personal information and, if so, will a breach of email addresses require a service provider response?
  • Do services such as payroll and mail increase security exposure when moved offsite?

These questions, and many more, are simply part of the due diligence that any organization must perform before making the decision to move to the cloud.

Standards of Evaluation

Since cloud services are not typically IT security services, they don’t specifically encompass the IT requirements that an on-premise infrastructure adheres to. This isn’t a limitation of PaaS or SaaS; it’s simply not what they were designed to do. Cloud services are focused on the services themselves (mail, content management, CRM, etc.), while IT security is about securing those services.

This makes it difficult to apply IT security standards directly to the cloud services being considered. It becomes critical to evaluate and understand the security of the infrastructure supporting the services. Standards like ISO 27001 may not apply directly to a cloud-based service, but they will likely apply to the technology underlying that service.

Measuring Compliance

Deciding whether a particular cloud service provider meets an organization’s security needs can often involve internally creating a customized questionnaire. This process can be time-consuming and may risk exposing internal information.

One compromise is to apply the appropriate industry business standard, such as SOC or GAMP control, to the service provided. This will provide a broad benchmark in terms of security compliance. From there, the organization can drill down into any security requirements specific to its wants and needs.

Making the Move

The explosion of cloud-based services has created a lot of confusion and concern for IT security specialists. Where they once managed every aspect of an organization’s IT infrastructure, they are now faced with handing many services over to offsite providers. To ease this transition, it is important to understand the underlying issue and address any concerns before making the move.
