Over the past two years we’ve witnessed the transformation of the “cloud” from marketing fluff to mainstream IT. And we’re all beginning to understand exactly what the cloud is—and what it can mean from a business perspective.
The cloud is an expandable group of resources that run “somewhere else.” The user of cloud services does not have to know or care which hardware is running the service or where the infrastructure physically resides. It’s all outsourced to a third party, the cloud owner, and it’s all available on a pay-for-what-you-use basis. So you get the resources you need, as you need them, without sinking the budget into building and maintaining everything yourself.
The cloud is fine and great for storing photos, or music, or documents. We assume that the cloud owner has taken the appropriate security measures to protect the availability, privacy, and confidentiality of our treasured files.
But when it comes to payment data and bank information, we cannot afford to be so cavalier. It matters where things are stored, how they are stored, and how they are protected. From a legal and regulatory perspective, it makes a difference which country the data is physically stored in. Banks and business partners need to know where the cloud is located.
The key point is that the service provider who offers the cloud must clearly define the processes by which payment data is stored and protected, and must do so transparently. Many banks outsource their services to third-party providers who then have to comply to the same service standards as the bank does—sometimes the standards are even higher. They know where the data is stored and have all the necessary processes around security and reliability.
“Trust” is not a word or a concept that banks, businesses, or regulators are comfortable with. But if payments are outsourced to a cloud service provider who is compliant with all regulations and can articulate and demonstrate that compliance, it becomes possible to leverage the power of the cloud even for payments. And people who are doing so are finding that they are becoming more efficient and gaining a significant speed advantage as well as direct and indirect cost savings.
Cloud security is not an oxymoron—even when it comes to something as sensitive and business-critical as payments. Here are a few key points to help assuage your fears:
- With the cloud, you are leveraging the economies of scale and expertise at scale. For most companies, I think it’s pretty straightforward that you’re going to get a better level of security too—based on the accumulated experience and sophisticated knowledge of experts—without having to make continuous investments in building that core competence yourself.
- When it comes to data in the cloud, there is a significant difference between a “public” cloud, and a “private,” dedicated cloud. What you need is a private cloud infrastructure with a trusted partner.
- A private, dedicated cloud is completely separate, safe, secure, and firewalled off from any other party, except for authorized users, and is completely traceable.
- The security measures that are in place with a third-party private cloud vendor far exceed the data and cyber security standards and practices of even the largest corporations, and are constantly audited by government and security organizations.
As is the case with any new innovation, people and corporations who embrace it tend to become the new winners. The hesitation we’re seeing with moving to a cloud-based world is no different from what happened with the advent of ERP in the 80’s and the Internet in the 90’s. People or companies who blinked or balked fell behind. The difference is that corporations not embracing the cloud today are already starting fall behind, and need to accelerate.