Security
Cloudless not Clueless
The great buzz-word these days is the "cloud". But have you really thought about the implications for your business? It means losing control of your database!
That would be bad enough in a non-finance world, but in finance you are the custodian of some very sensitive information so the risks are magnified.
By contrast, LinxCRM is an on-premise solution and offers you all the benefits of remote-access to your data and off-site backups, without the risks of your data being internet-facing or "in the cloud"*.
What the experts say
Before getting caught up in all the hype of cloud computing it's worth doing a little research on the risks. For example, here's one of Microsoft's own security experts speaking in a conference promoting cloud computing, but cautioning again inappropriate use:
"Cloud computing is not always the right solution. If you need to protect
your data behind a firewall then the cloud may not be the answer."
Internal Microsoft Security Analyst speaking at TechEd Australia, Gold Coast, Qld, August 2010
Clearly there are right applications for cloud computing (such as non-sensitive data) and wrong applications (such as confidential business records).
Here are some other issues raised in the same Microsoft conference:
- "Malicious insiders" - these are employees of the service provider, software house or data centre who see an opportunity to make money by selling your database. (In the case of financial services this is a considerable risk since identity theft is rampant. Just imagine what a malicious insider could do with your client's drivers licence, passport and bank account numbers!)
- Account or service hijacking - this is where your services can be intercepted remotely to allow theft of data.
- Sovereignty - this refers to where your data is physically located and the implications that this might have. For example many data centres are overseas. How does that affect your liability under the Privacy Act which has rules against the transfer of data overseas?
- Unsubscribing - if you cancel your service, how do you know for sure that your data has been deleted?
Similarly, when one of our Directors was visiting Microsoft Headquarters in Redmond, USA, a senior Microsoft executive (their Marketing Manager Small Business), was very clear in his warning: "Make sure you don't end up in jail. Customer details get out on the internet at an alarmingly high rate."
So why is the Cloud so heavily promoted?
Despite such risks, small business is constantly bombarded with offers of cloud services. Why is that? We hate to be cynical but, from inside the industry, we can say with certainly that the primary reasons are commercial:
- So that you have to keep on paying. If you stop paying, you no longer have access to the application or data so, once you start, it's almost impossible to go back, thus providing a very attractive income stream for the service provider.
- In the financial services industry it is to keep you "sticky" - making it hard for you to move your business to an alternative aggregator or group.
To illustrate the above points, a Jan 2012 Microsoft newsletter to their reseller partners had an article entitled "Turn the cloud into your next Cash Cow!" and went on to recommend that they "Start milking this opportunity..."!
Protecting your independence
But it's not all about security in the usual sense. Keeping your database on-line can also be a threat to the very survival of your business in another way.
Can you imagine having a dispute with your aggregator, franchisor or other service provider? Would they have the ability to cut you off from your database? There have been many cases where this has happened and it has presented a serious risk to the businesses affected. Even if you left them under good terms, can you guarantee that you will be given all your CRM records, complete with supporting documentation, diary history and commission records? Can you rightfully argue that the data is yours or is there a clause (or sufficient ambiguity) in your contract to give them an excuse not to hand everything over?
LinxCRM gives you back your independence and respects your right to ownership of the data. You regain control of your database. You even have the option of buying the software outright so you can use it indefinitely without further cost if you wish. You also get the substantial bonus of having a system which will independently check your commissions.
What about off-site backups and remote access?
One of the few claimed advantages of on-line systems is that you don't need to backup your data - "it's all done for you". Another claimed advantage is that you can access it from anywhere.
LinxCRM can give you both these features, and without the unnecessary risks. Our Help Desk can provide further information on how to create encrypted, off-site backups and how to access your data, securely, from anywhere in the world.
This can include attachments to files such as pdfs, spreadsheets, Word documents and even photographs, all stored in the FileStore system.
(Incidentally, another claimed benefit of cloud computing is a saving on hardware. This is true for large government and corporate users who require massive servers and then could just manage with desktop systems to access those remote servers. But, for small business users, they only generally user smaller computer systems anyway, so there is unlikely to be any significant savings to be made).
Forecast: Storms approaching
Based on the above-mentioned risks we believe that cloud computing is a totally inappropriate medium for financial services data. Apart from the risks of your being cut off from your data due to a potential dispute with your service provider, aggregator or franchise group there is the ever-increasing risk associated with identity theft. We predict that this problem will get worse over time and some in the finance industry may ultimately be held legally liable.
Compare the pair
In summary, here's a quick comparison of on-line, cloud-based systems compared with the on-premise LinxCRM:
Risk | On-line / Cloud* | LinxCRM |
Data Security | Location often unknown. | Location known. |
Business Interruption | Can be switched off without notice. | Purchase option guarantees supply. |
Costs | You keep paying if you want access. | Can purchase outright at reasonable cost. |
Remote access | Accessible from any internet PC. | Accessible from any internet PC via private login or thin-client networking. |
Other | Privacy Act - potential breach if data stored overseas. | Under your control. |
So, on balance, whether your on-line system is hosted with an aggregator, franchise group or other third-party, all the risks are one-sided - on you.
By contrast LinxCRM gives you all the benefits and none of the risks - it's truly "cloudless" not "clueless".
Additional reading
You can find out much more about the risks of cloud computing by searching the internet. Here's a small selection of suggested additional reading. (Note most are third-party sites and may contain advertising):
Wall Street Journal: To Cloud or Not to Cloud
Microsoft: Choosing a Cloud Computing Services Provider (PDF 284KB)
Other: Storm warning for cloud computing and The Not So Obvious Problems With Cloud Computing
Also an article authored by us for the FBAA: Web-Based CRM - You Must Be Kidding! (PDF 641KB)
and on internet security in general from the MFAA & Australian Federal Govt: Government cautions small business on cyber crime
*Technically some would define "cloud" systems and "on-line" (or web-based) systems differently, although the lines are blurring. "On-line" generally means a system which is located on a remote system and you (usually) know where it is located. This would be the case with a VPS (Virtual Private Server) hosted with your service provider. By contrast, a true "cloud" system is in an unknown location and may even be in various locations (ie. have shadow copies) around the world. However, for the purposes of this discussion they both present similar risks and are treated synonymously.
