Spend Matters welcomes another guest post from Paul Blake of GEP.
Mention cloud-computing in polite society and the chances are you’ll be met with raised eyebrows and even the slightly terrified shudder. The notion that your procurement data might be “out there” somewhere – you know, hosted, on some who-knows-what servers in some low-cost data center in Obscuristan— is enough to make you want to run for cover.
But consider for a moment what data it is that you’re most concerned about. Is it the vast bulk of your transaction data? All that PO and AP data? Is that of real value to the opportunist or the industrial spy? Not in its raw form, I’ll wager.
What you really should be concerned about is the distillation of that raw data. The business intelligence analysis that becomes the management report. Those internal documents that inform and support your key strategic decisions. You don’t want those falling into the wrong hands, do you?
So you’ve heavily invested in data security. You have hack-proof firewalls and biometrically-controlled access to the machine room. But those high-value gems of crystallized data don’t live in the data center. They are created on the desktop from data extracted from the repository and synthesised as spreadsheets, graphs and slide decks, which are then distributed by email and intranet. The data that we pass between us via email is of far greater sensitivity and far greater value to our competitors than the stuff that we guard in our basement bunkers. Yet while we find it uncomfortable to contemplate storing our procurement data in the cloud, we’re free and easy with what is really important.
Think about it. You create a document on your laptop – it’s got performance results, strategic positioning statements and an analysis of the biggest risks to your operation and you email it to the senior management. Now there are a dozen copies of that document on as many laptops. Your colleagues have their company email synced to smartphones and tablets and within moments those sensitive documents are replicated dozens of times on as many devices. Those individuals concerned with losing data will back it up to memory sticks. Before you know it, the data you spent millions on protecting has spread like a virus across half the devices in your company in a highly concentrated, easy-to-understand form. Any one of those devices could be lost, mislaid, stolen or otherwise compromised, and it is an awful lot easier to crack email on a smartphone than a corporate firewall.
You and your colleagues want, and need, your data to be easily accessible regardless of where you are. It has been nearly twenty years since you were only able to access your email when you were in the office. Today we demand the autonomy and control that access to our data on the move gives us. So while you’ve been worrying about who has access to your company data, it’s been busy putting itself out there in ways over which you have absolutely no visibility and no control.
Put all of your data into the cloud, and those published reports don’t get replicated to all the laptops and tablets and phones. Your access is real-time, controllable and traceable. Leave a device in a taxi, and unless you’ve written your login credentials on the cover, there is simply nothing on it for the opportunist to get their grubby hands on.
In time we will look back on our propensity to proliferate really sensitive information willy-nilly with open-mouthed horror.
If you’re still convinced that third-party cloud platforms present too great a risk, then consider this: whose budget for logical and physical data security is greater, yours or that of Google or Microsoft?
Far from being a cause for concern and a high-risk strategy, cloud computing represents the only way to truly protect your data because it is everywhere, whether you like it or not.
For more interesting thinking on procurement, visit the GEP Knowledge Portal.