Small and medium-sized companies in particular benefit from the use of the cloud, as day-to-day business is becoming more and more fast-paced and mobile. Home office is part of everyday life. Employees increase their efficiency by using company data and documents on the go. Time is a precious commodity. Companies should not lose sight of the issues of data, access and legal security as well as service quality with regard to the cloud, especially when it comes to mobile solutions.
Due to market changes, SMEs are under increasing competitive pressure. In order to remain economically successful in the long term, they must continuously adapt to the new requirements of their business environment. It is in the employer’s interest if employees can also access business-relevant content while on the move: This makes work processes more dynamic, faster and more effective.
As simple as it sounds, putting it into practice is by no means trivial. Mobile data traffic and data storage in the cloud must always be secured. For reasons of self-protection, employers are therefore required to ensure the appropriate framework conditions for the secure exchange of business-relevant data.
Security for your company data
This starts with the essential question in the area of data security: Where does the cloud provider save the customer’s cloud data? When choosing a provider, with a view to data protection, it is important that they save the data in Europe, ideally in Germany. Of course, the provider should use comprehensive encryption methods, both for the transfer of data between the (mobile) end devices and the data centers, as well as for storing the data in the data centers. In addition, the provider must be able to objectively prove the professionalism of its data center operation, for example through certifications such as ISO 27001, ISO 20000 or TÜV certification.
Access only for authenticated persons
When it comes to access security, many customers underestimate the importance of the cloud login for security in the cloud. E-mail address and password offer little protection against misuse of cloud access. Login methods that require a second factor in addition to knowledge of the login name and password (two-factor authentication) are better. In this case, for example, a “Mobile PIN” is sent to a registered mobile phone during a registration process, which must be entered in addition to the e-mail address and password when logging in. This procedure is developing more and more into the business standard.
There are even more secure login procedures such as “single sign-on” with a digital certificate, the use of the company account for the cloud login or registration with a digital identity such as the German ID card. An example of a secure and mobile solution from the cloud: Using an iPad app allows authentication with a “mobile PIN” or certificate, and the data is encrypted locally on the end device. The user can also define a security code that differs from the mobile phone or tablet PIN, which protects the business data. Someone who borrows an iPad, for example, still has no access to business documents.
Data storage under European law
For the customer, legal security means that he has a specific contractual partner in Europe or in Germany, with standardized cloud contracts in accordance with European or German law. A secure cloud, for example, offers customers in Germany an agreement on order data processing in accordance with Section 11 of the Federal Data Protection Act.
Cloud contracts must create clarity and transparency and, ideally, also regulate service levels, for example the contractually guaranteed availability of the cloud service. In this sense, certified providers publish the actually measured service levels of the cloud service. Many cloud providers today rely on infrastructure services from other manufacturers (e.g. on Amazon or Microsoft Windows Azure). Your cloud service is therefore dependent on the legal requirements and the service levels of these third-party providers.
Seal of approval for quality assurance
In times of “NSA” and “Prism”, “Made in Europe” is an essential seal of approval for sustainable quality. The ability to integrate a cloud service, ideally using manufacturer and platform-independent standards, also plays an important role.
The right choice of cloud provider is partly responsible for the success of SMEs. A business cloud for medium-sized companies is not only concerned with the technical security of the storage space, such as high availability and regular data backups. It can be easily integrated into existing IT environments and security systems, guarantees data storage in Europe and offers the highest level of security for authentication. With user-friendly apps and additional tools for the traceability of data, a European business cloud makes an important contribution to increasing efficiency in companies.