Written by

Frank Bianchi
March 11, 2016

Security Vulnerability: Why Small Businesses Should Move to the Cloud


In January 2016, many organizations with on-premises infrastructure and ERPs were knocked out of business for a few days by some of the most malicious malware and ransomware that we have seen to date. Unfortunately, this breach is part of a larger trend that we can only expect will continue.

Small- to medium-sized businesses are particularly vulnerable to these attacks. With limited resources to continue to invest in the infrastructure necessary for security, their primary focus needs to remain on the business demands required to stay competitive. Inadequate backups and disaster recovery procedures often compound these issues.  

This confluence of security vulnerability, limited capability in disaster recovery and increased points of failure with mobility used by a global workforce sets up a perfect storm to keep every CIO, CTO, CEO and CFO up at night. In January, specific businesses hit by these viruses were down for days trying to restore systems and then realizing the existing backups were insufficient. In some cases, entire days of work were lost, while others were on hold until resolution of the ransomware payment through untraceable vehicles such as Bitcoin. If this scenario were to occur during peak times or seasonality, which vary by industry, the impact could cost organizations millions of dollars in lost sales and revenue, as well as long-term brand damage.

To avoid similar scenarios, there are two immediate steps that every organization should take:

1. Perform a security and disaster recovery health check to assess your vulnerabilities and the investments required to resolve them. If you don’t have this in place already, get an immediate diagnostic on what is getting past your firewall today. Look at your architecture and the potential points of failure. You may be quite surprised and, unfortunately, alarmed by what is found. If on-premises is the way you want to continue for specific business reasons, there is a set of investments that will be required each year to reduce your exposure. You would also need to address shortcomings in disaster recovery. Organizations should also consider leveraging a managed service provider that understands their operations and can provide infrastructure outsourcing and optional disaster recovery support to reduce the risk.

2. Accelerate transition to the cloud to reduce your operational exposure. The firewalls and architecture to prevent this type of scenario are much more sophisticated than what small- to mid-sized companies can afford. The environment is protected 24x7 and comes with backups and disaster recovery to limit exposure. Companies also gain much more robust recovery time objective (RTO) SLAs to reduce downtime in any catastrophic or disruptive scenario.    

Finally, when I speak to companies about cloud adoption and disaster recovery investments, ROI is sometimes restricted by request to limit the evaluation to current outlays such as FTE costs and CAPEX expenditures. In many cases this is compelling enough to move forward. In the case where security and disaster recovery are currently insufficient in a company, the ROI calculations may be misleading. An organization should factor in what it should be spending for disaster recovery and security and/or the risk to the company if it were down for one to two days during peak processing times. This may lead you to a different decision regarding the cloud, managed services and disaster recovery investments. Either way, whether you move to the cloud or maintain your operation on-premises, this is the year to shore up your security and disaster recovery processes.
