With the growing spread of the 2019 coronavirus disease (“COVID-19”), businesses around the world are activating their business continuity plans to ensure that operations continue with minimum disruption. Such plans typically involve, among other measures, organising staff into separate teams with each team taking turns to work from home, and minimising physical contact among staff, as well as with business associates and customers.
Described as the world’s largest work-from-home experiment, businesses have to rely on information technology (“IT”) systems that can be accessed remotely and enable employees to connect with colleagues, business associates and customers through the use of common IT systems.
Many businesses already have existing IT systems in place, but more often than not, these are proprietary systems installed on the organisation's premises. Whilst these proprietary IT systems have the capability of being accessed remotely and in different geographical regions, they often rely on traditional software architecture that can be highly complex, and limited in scalability and flexibility. As a result, businesses are not able to respond and adapt to customers' needs quickly. Moreover, to keep the on-premises programmes and servers secure from external attacks and breaches, the IT team would have to install layers of passwords, firewalls, and VPN barriers in the IT system, and this can make access to the on-premises programmes and databases cumbersome when needed, resulting in a negative impact on the ability of employees to work seamlessly from outside the office.
Cloud-based solutions are software applications that are hosted in the cloud and are easily accessible from any electronic device that has Internet access. The convenience of adopting cloud-based solutions is that anyone with internet access, and has access to the cloud-based solution, can work collectively from anywhere. The ease of accessing an organisation's programmes and database from virtually any location is especially valuable as it enables employees to work and to connect with colleagues, business associates or customers from a remote location. With increasing business needs and diverse demands from a global workforce, businesses need to move away from on-premises IT systems to cloud-based solutions. As a matter of fact, vendors of proprietary IT systems are already developing the next generation of systems as cloud-based solutions to replace their on-premises IT systems.
Singapore Government initiatives
As Singapore transforms itself to a leading Digital Economy, the Infocomm Media Development Authority of Singapore ("IMDA") has launched GoCloud as the next digital capability area to help Small and Medium Enterprises ("SMEs") that engage in Infocomm Technology (“ICT”) and related activities move from traditional software development practices and architecture to using applications deployed and delivered through the cloud as Cloud Native applications or services. IMDA has appointed five service providers to provide consultancy and training to equip development teams of ICT SMEs with digital capabilities in Cloud-Native, Microservices and Development Operations (DevOps).
In addition, Enterprise Singapore, the government agency championing enterprise development, administers the Productivity Solutions Grant (PSG) which provides up to 70% funding to support companies keen on adopting IT solutions and equipment to enhance their business processes. The PSG covers sector-specific solutions as well as solutions that cut across industries, such as in areas of customer management, data analytics, financial management and inventory tracking.
A big hurdle faced by the adoption of cloud-based solutions is the common misconception that cloud-based systems are inherently less secure than on-premises IT systems. Many business owners accustomed to using local servers are reluctant to adopt cloud computing due to the fear that proprietary data and information stored in third-party servers is less secure than on-premises servers. This misconception is largely due to the fact that a cloud-based system requires the organisation to store their data on servers and systems operated by a third-party, the cloud service provider. There is a sense that the organisation has little or no control over the cloud-based system, when in fact, storing data on the cloud is just as secure as it is in on-premises servers. As more and more businesses move to cloud computing, cloud service providers have been forced to maintain high levels of security to meet the demands of their users. With increased investment in security, cloud technology is just as secure, if not more secure, and reliable than traditional on-premise solutions.
Mitigating the risk of adopting cloud-based solutions
To address concerns about moving to the cloud, it is advisable to conduct proper due diligence on the cloud-based system used by the service provider and scrutinise the terms and conditions of use before engaging any cloud service provider.
In selecting a cloud service provider, check that the service provider:
- is reputable and established;
- complies with regulatory and personal data protection obligations;
- is preferably ISO 27001-accredited, the international standard for information security management;
- has security measures to protect data from being hacked;
- encrypts data in storage and in use; and
- has added security measures in granting access to the services and the data, for example two-factor authentication.
In addition, business owners should apprise themselves of some of the key legal issues associated with using cloud-based systems before moving to the cloud. These key legal issues include:
Privacy and security
The first and foremost concern of a business owner is whether the cloud service provider has developed and implemented robust security mechanisms that are able to safeguard their users' data in the cloud. Check that the cloud service provider has implemented extensive security mechanisms to protect their users' data from unauthorised access or disclosure.
Check the provisions in the terms and conditions regarding availability, back up facilities, planned outages, critical and noncritical outages, service credits and termination rights. Typically, the terms and conditions would state that in case of a breach, the sole remedy of the user is a service credit, which is usually capped as a percentage of the fees paid during the preceding 12-months. However, there should also be a clause allowing you to terminate the contract if the interruption spans over an agreed timeline.
Liability for data breach
Check what the terms and conditions say about the cloud service provider's liability for data breach. Do the terms and conditions include a limit of liability provision? This will generally state the maximum monetary amount that the cloud service provider will pay in the event they are responsible for a data breach. It may be in your interest to negotiate this clause prior to entering into a contract with the cloud service provider if the potential damage to your business from a data breach far exceeds the liability cap. You should also consider taking out data breach or cyber-security insurance.
Ownership of data
You should not assume that you own all rights to the data stored in the cloud. Check that the terms and conditions make it expressly clear that all data your company places in the cloud will be owned by you and will be retrievable when necessary.
Check that the cloud service provider undertakes to maintain the confidentiality of your data stored in their servers. Indemnity. Check that the cloud service provider agrees in the terms and conditions that it will indemnify you for any loss or damage that you suffer in the event they breach any of their representations, warranties or obligations.
Transition upon termination
Check the extent to which the cloud service provider will assist in transferring your data to a new cloud service provider and co-operate with the new cloud service provider in transitioning the service should you decide to move to a new cloud service provider.
As the COVID-19 outbreak forces companies to explore agile work arrangements, businesses should take this “experiment” to re-evaluate their IT systems (especially if they are still using traditional software architecture). They should consider adopting cloud-based solutions that are scalable; facilitates remote collaboration between employees, business associates and customers; and enables more flexible work practices compared to traditional on-premises IT infrastructures. Besides these apparent benefits, crossing over to cloud-based solutions have the added benefit of enabling businesses to stay relevant and future-proof themselves as the economy goes fully digital.