Whatever your company does to enforce compliance, some of your enterprise data is already floating in one or more Public Clouds. Your employees have to get work done, so they circumvent your IT department’s carefully designed permission structure by sharing documents by Gmail or via Dropbox. The real question thus is not “to Cloud or not to Cloud” but “which Cloud?” This is where Private Cloud technology comes in.
Enterprises legally and commercially need to maintain control over their data while employees and customers need to be able to collaborate, share and sync files they need for business purposes. Hosting a Private Cloud allows control and collaboration, and protects sensitive files from unauthorized access and the risk of espionage. Discover the three main reasons to self-host your data as a company!
Privacy and control
With one in 5 UK companies hacked and ransomware attacks on the rise, keeping your data private and secure should be your top priority at all times. This is not a responsibility you want to delegate to a Public Cloud, where your data will be mingled with that of hundreds of other companies. Your IT team has no control over the software which runs on it or what happens to the data. A self-hosted solution like Nextcloud allows you to choose a more segmented approach, with an on-premise Private Cloud for critical data and a data center of your choice for less-critical data. With encryption keys on premise, you get the best of both worlds – cloud data storage paired with local control.
Public Cloud vendors always insist on their security because they know it is their biggest weakness; they say they encrypt data, protect your encryption keys and prevent unauthorized people from accessing your data. But what are your guarantees? The strong security measures your IT team has implemented will be entirely circumvented by the Public Cloud. For instance, measures such as “accessing documents only through the company’s VPN” or “prevent access from certain countries” escape your control if your data is stored in Public Clouds. Of course, you can add software of another vendor on top which promises to enforce your rules, adding another potential security problem in the mix… With a Private Cloud, your own IT team can ensure the safety of your customers’ data by managing all these components, ideally based on your existing, fire-tested processes and tools.
In the end, the ability to know what is running, even access and audit its source code, is your best security guarantee. Nextcloud security processes have been audited by experts and our public HackerOne 5K bug bounty is a strong incentive for white hat hackers to find and report problems responsibly to us rather than hack away.
Leaking your partners’ or customers’ data is a massive legal risk. Credit cards, healthcare data, addresses or mere email addresses and phone numbers; your company is responsible for their safety and having them fall into the wrong hands can result in expensive lawsuits. The problem is threefold:
- If data stored in the cloud crosses international borders to get there, export control laws apply. The legal landscape is not settled, and different jurisdictions may look at the same question differently. Trump recently killed the successor of the Safe Harbour Agreement, Privacy Shield, with the stroke of a pen. Right now, it is very uncertain if US companies can host ANY sensitive data from European companies at all. Politicians can change the whole legal landscape overnight!
- Individual contracts with customers or suppliers may also prevent certain data from being stored on a third-party server. Going to Public Clouds means going over all these contracts and carefully checking if they include open restrictions on sharing or stringent security requirements not covered by cloud-based computing. You might end up being limited in your dealings with customers or partners who have such high-security standards.
- When it comes to personal data, being compliant with laws is often a headache. From April 2018, the European General Data Protection Regulation (GDPR) requires even stronger protection of customers’ personal data, forbidding data processors to store sensitive data outside of a list of approved countries.
Let’s consider the worst-case scenario: some of your data was leaked. The law requires you to inform your customers. If you use a Public Cloud, you may not find out there was a leak until long after the fact, hampering your ability to report (a legal requirement!) and mitigate the damage – Yahoo proved this by hiding a leak for 3 years. Private Clouds mean you are in control, and able to take the right measures when facing a data security issue.
Flexibility & vendor choice
Companies’ needs are constantly evolving, and their IT structure needs to adapt at the same speed. Most Public Clouds started as consumer products and have to build a very generic solution to cater to a wide range of customers. Rarely is it possible to truly customize and integrate into your specific workflows and needs. This kind of limitation was the reason that made Migsolvs want to change cloud supplier:
The service was adequate and the solution worked. However, over time it became more and more expensive and reporting became a problem because the report building function did not allow the creation of the kind of reports we were looking for.
Private Clouds cater to your specific needs by deeply integrating into your existing infrastructure, such as storage, authentication, monitoring and compliance tools and processes. Even better customization is possible due to the open source nature of solutions like Nextcloud.
Migsolvs actually discovered that changing providers is hard; the main issue was data migration. Ask yourself these questions:
- Does your new provider store data in the same way as your previous one?
- Is there even a clean data export feature which does not lose sharing status, older versions and other metadata in the first place? If not, some critical data may be lost during the process or it could require a lot more time.
- Can you keep your workflows, comments, activity monitoring or schedule? They are often as important as files themselves.
And migration is made harder by the lack of standards in the Cloud industry, as Joe McKendrick, co-author of the SOA Manifesto, notes:
Cloud computing may be erasing the gains we’ve made in terms of vendor dependence lock-in. Going with a cloud solution means buying into the specific protocols, standards and tools of the cloud vendor, making future migration costly and difficult.
Public Clouds set no upload limit, but downloading your data can be costly, as Derrick Wlodarz notes:
All the big players work in a similar manner. They let you move as much data as you wish into their cloud servers, but when it comes to pulling data out, it’s on your dime after a certain threshold.
Using your data should not cost you money. Whether you host on-premise or use a trusted IaaS provider, you can have the benefits of the Cloud without paying for using what is yours.
Migrating your data to Public Clouds is costly; migrating away is even more expensive. With Nextcloud you can take advantage of your existing processes, workflows and storage technologies, simply making them available through a familiar, easy-to-use interface. You avoid costly migration and gain fine-grained control over who has access to data when and where.