It’s 3am in the morning, do you know where all your company data is? The chances are that some of it is in paper format around the office; some is stored electronically on PCs, shared drives and servers; and probably more than you expect is being carried around on employees’ personal devices or in their homes. A growing proportion of business data will also be offsite ‘in the cloud’.
Cloud computing storage models sound ideal: it makes your treasury information easy to access and easy to share; storage space is unlimited and it’s low cost. However, there are security risks and other implications such as resiliency that need to be considered, especially when working with confidential financial records.
A survey of the finance sector conducted by Opinion Matters on behalf of Iron Mountain recently questioned 1,200 business leaders, including finance, IT and legal professionals, between late November and mid-December 2012. Focused on mid-sized to large businesses employing between 50 to 5,000 staff across the UK, France, Germany, Hungary, the Netherlands and Spain, the survey found that finance managers across Europe are concerned about the risks of placing sensitive data in the cloud. The concern centres around the security of data centres, listed as a top risk by 57% of respondents.
Treasury peers in other sectors noted similar concerns. Yet despite claiming to be aware of the risks, the study found that in fact finance managers adopt a relaxed attitude when it comes to cloud storage, with more than a third (35%) believing the cloud to be appropriate for storing confidential accounts, invoices, insurance claims and tax records. This is compared with 32% of IT managers.
A Wrong Assumption
What might explain this laid-back approach? One reason could be a lack of understanding about where responsibility for the data lies. The study showed that an overwhelming 88% of UK finance leaders believe that responsibility for the protection of their business data rests with the cloud service provider. This, however, is wrong: both the UK’s Data Protection Act and the European Union’s (EU) Data Protection Directive state that ultimate responsibility for security lies with the ‘data controller’ – the one deciding how and why the data is being stored and processed, and who is therefore accountable for any lost or compromised data.
Cloud storage offers many advantages that corporates can enjoy. It does not, however, replace the need for a comprehensive archive and backup strategy. Companies should take an approach that combines the benefits of cloud storage with the offline protection of magnetic tape technology.
While treasurers and finance managers should in no way be put off using the cloud, they should not do so indiscriminately. A lack of understanding of the risks associated with cloud storage can lead to ill-considered strategies that could expose businesses to data breaches and the associated financial and long-term reputational impacts. As the finance department is the lifeblood of any organisation, it needs to ensure that the business has done its research when it comes to the cloud.
Finance professionals need to apply common sense to what data belongs in the cloud and what should be stored elsewhere. Most of all, they need to make sure they, and the business as a whole, understand and accept full responsibility for their information, wherever it is kept. This brings us back to the opening question. If you don’t know the where your information resides, now might be a good time to find out.
When Mark Cuban declared that "Data is the new gold" he highlighted why information is possibly the most valuable asset a business has. APIs are the unsung heroes that make it possible to extract that value.
How treasury stands to benefit from blockchain: Ripple’s goal to revolutionise cross-border transactions
Imagine a world where cross-border transactions can occur in real-time, at a few cents per transaction, to and from any bank, in any ... read more
Europe’s opening banking regulation is finally here. After months of preparation across the continent, the Revised Payment Services Directive comes into effect on January 13.
A 'digital treasury ecosystem', where the CFO or treasurer makes real-time financial decisions on their tablets, is not far beyond the reach of currently available technology. In such an ecosystem, there is no direct reliance on banking partners or the company’s broader organisation - just an executive and an interactive dashboard powered by interconnected digital technologies, writes Eric Cohen, PwC.