The other day I was at a client site assisting them with building their global antifraud program. While there, I realized they did not have a process for back-up related to employees who travelled. They had a robust system-level process for backing up desktops and laptops while they were actively connected to their network. However, there was no process in place (manual or otherwise) to back-up the data on employee’s laptops when they were travelling and thus not connected to the organization’s network. Many of the thousands of people who travelled would be in the field (yes, sometimes an actual field near a tiny village in the jungle) for weeks at a time without a viable way to back-up their data.
From a risk perspective, this concerned me; especially when those people who travelled were part of the C-Suite or upper management. What would happen if their laptop was damaged in transit? What if their data was stolen? The risk seemed to grow as more and more scenarios were considered. Cost appeared to be the driving force behind not implementing a back-up plan for key people who travelled. However, when I recommended they consider a cloud solution, they pushed back with concerns of security and other questions that kept them from going in that direction. It made me realize they did not fully understand what “The Cloud” was and even their Chief Technology Officer at the global level decided a hardware solution would be better.
Unfortunately, they bought external hard-drives for only the people that asked for them and instructed the employees to back-up at will. First of all, if the laptop and only back-up in the form of an external drive are in the same travel bag and it gets stolen – the data is still gone. Keeping both of the only two copies of the data in the same place does not mitigate the risk of theft. It only prevents a loss of data should the laptop files get corrupted in transit. Second, there was no discussion about encrypting the data on the hard drive and it was not mandated at the headquarters level by policy, so the copy was practically gift wrapped for any potential fraudster. Third, if you leave it up to people to back-up their data on their own schedule, it rarely gets back-up at all. The best way to mitigate that risk is to automate the process. That was not done with the eternal drive solution. Fourth, a cloud solution could have provided a commiserate level of security had it been implemented and set-up properly. Fifth, there could have been a cloud solution that cost less than the combination of hardware cost and increased risk of loss of data not to mention the potential regulatory issues that come with a loss of sensitive data.
While I believe any executive makes decisions based on various inputs, I do hope they make informed decisions with all of the relevant information so they can make them in the best interest of the company. This experience highlighted to me that although “The Cloud” has been around for a while, many people still do not adequately understand what it is or how best to use it in their organization. Since the topic is beyond my skill set, I reached out to a subject matter expert and asked him to explain in laymen’s terms what the cloud is and how a company can make it work for them.
Grab some popcorn, sit back and I hope you find the conversation as interesting and useful as I did.