Cloud computing appears be our latest buzzword. Everybody seems to be talking about Cloud computing, how you can improve your operations using ‘Cloud’, how much you can save using ‘Cloud’ and how easy ‘Cloud’ is to use. But what about security, how secure is it to use Cloud computing? Here is an overview of the pitfalls you should be aware of.
In this article I’m assuming we are looking at public (general access) or private (select access) Cloud computing rather than the internal type, i.e. set up by a company’s own IT department.
The general issues fall into two distinct categories: security and control.
Security pitfalls of Cloud computing
Security should be considered in its many guises. For example, most Cloud providers pride themselves on the security surrounding their servers, back-up processes and so on. However, few consider a key issue for spreadsheet models: the security of the underlying data, combined with legal responsibilities.
Many spreadsheets contain client sensitive data that in the wrong hands could provide embarrassing or lead to financial repercussions. High profile breaches seem to be in the news daily. However, the onus for data security will always remain with the business and not the Cloud service provider.
In the UK, the Data Protection Act requires that “appropriate technical and organisational measures” are put in place and adhered to by the business not the third party provider. However, businesses usually get the raw end of the deal in contracts with Cloud providers. It is not uncommon to see the words “[Cloud Service Provider] shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any customer data…”, with companies not prepared to divulge the full extent of their security measures – understandably – to customers.
On the flipside to security is, of course, accessibility. Cloud computing boasts that you can use a myriad of platforms and not require any local software. However, slow internet connections and busy times of the day can play havoc with trying to access a large spreadsheet remotely, especially when it takes significant processing time to recalculate.
Keep your own backup
It should also be noted that it would be irresponsible to delegate back-up responsibility for spreadsheets to a service provider. They have outages, communication delays and go bust just like other companies. Businesses therefore need to keep copies of key documents locally too which could defeat the purpose of Cloud computing. Having duplicate spreadsheets, as many readers will attest, can lead to a multitude of problems as users, for example, update some but not all files...
Control pitfalls of Cloud computing
Once a spreadsheet is in cyberspace, keeping control can prove difficult practically. How do structural changes get made and how is version and documentation control maintained? If two or more users access a spreadsheet at the same time what are the file sharing protocols? This has proved a thorn in the side for Excel and similar software when spreadsheets are stored locally so trying to keep control in cyberspace may be analogous to herding cats.
Having spreadsheets maintained online causes other problems. You are no longer in control of when software is updated or indeed which software is used, what functions, typesets, spreadsheet views, calculations, formatting etc. are supported and how they will appear when others access them remotely. If it looks poor or does not calculate correctly, who will get the blame – the model owner or the service provider? Alas, it’s a rhetorical question.
Finally, a common functionality is file linking. Two-way access is not always supported and may lead to both security and control weaknesses, leading to file updating problems and very slow calculation times in certain circumstances (e.g. multiple user access).
Spreadsheet modelling in the Cloud can be useful – but it needs to be thought through carefully.
Post new comment