Why employees can be the biggest headache when transitioning to the cloud
A business setting up today wouldn’t start by building a data centre to serve deskbound employees. They would opt for cloud computing and enable flexible working from day one.
The alternative would involve unnecessary capital expenditure on expensive IT equipment, and a working environment unfit for today’s world – with the ONS predicting that half of the UK workforce will be working remotely by 2020.
Yet, the reality is there are still countless SMEs operating from a traditional infrastructure, catering to traditional working patterns. No doubt there are people in those businesses who are casting envious eyes towards more agile start-ups, who were born in the cloud, without the weight of their legacy infrastructure.
So, what’s stopping established SMEs from following suit? Well, first and foremost, there is the huge amount of money that businesses have already spent on their servers, storage, networking, cooling systems, etc. This equipment will be rendered useless if they make the leap into the cloud. It’s a big call for any business to walk away from that kind of investment.
This is happening though – and it often happens following one outlay too many. For example, we were working with one customer who had resisted the cloud right up to the point where the air conditioning system in their server room broke down. That was enough for them to reconsider, and they ultimately decided to make the switch.
Technology is not the biggest transition challenge
From a technical perspective, the transition into the cloud is not as complicated as it once might have been - the cloud computing industry is now a well-established and mature sector. It would also be highly unusual if a business was not utilising some form of cloud service already. It’s quite possible that part of their infrastructure currently exists in the cloud for backup purposes, as part of their disaster recovery and business continuity plan.
Technical deployment is not where IT departments find their biggest challenge. More often than not, it comes from the change management process and the necessary behavioural adjustment employees need to make.
To facilitate flexible working, employees will often access the corporate network, via the cloud, using several different devices during their working week, either owned by themselves or the company. This has massively expanded the number of devices IT departments need to secure.
This can include adding anti-malware and firewalls to corporate devices, as well as conducting regular software updates. The toughest challenge when employees are working remotely, however, is getting them to adhere to the correct protocols.
Taking steps to protect cloud users
While IT departments can guarantee corporate technology is working as it should, they can’t always control the people using it or what devices they may wish to use. So, steps need to be taken to ensure that whatever the device used by employees, they do not become easy pickings for the cybercriminals who pose a threat to the corporate network.
The first step is to educate the workforce on those threats. With people being asked for multiple passwords when accessing online accounts these days, it’s common for employees to choose something that’s easy to remember. But easy to remember also means easy to guess. It’s common to hear of hackers successfully cracking passwords by using personal information they have siphoned from social media – whether that’s your favourite football team or the names of your children.
It’s advisable for IT departments to work with HR to alert employees to the dangers of weak passwords – along with other cyber-attack techniques, such as phishing on email.
We can also add extra layers of protection by adding multi-factor verification. This can be as simple as sending an authentication code to the employee’s mobile phone whenever they try to log-in to the corporate network.
It is also worth setting up rules to protect the corporate network when employees are operating in the field. Setting computers to lock, after a short period without use, is normal to prevent access when devices could be lost or stolen. But you can also restrict access to users operating within the UK, so online hackers in foreign countries cannot gain entry.
The decision to transition to the cloud fully can be a big call for an SME but, regardless of whether your organisation is moving fully or taking a hybrid approach, the need to facilitate remote access is only going to grow. So, it’s well worth taking these steps to ensure any cloud adoption is successfully embraced by employees, without opening the company up to online threats.