And do not you go to the clouds?
Cloud technologies have now become fashionable, which is probably why Microsoft is focusing on supporting work in the cloud. Is it worth going where you were sent? Let's leave home users alone, we are now interested in the offices of small companies, because, like, cloud technologies are focused on them. Why? Let's understand in order. What is a cloud or cloud technologies is a rental from the provider of some information resources: platforms, services, servers or applications that are accessed via the Internet. The key word here is rent. The meaning of the cloud in reducing the cost of the purchase and maintenance of equipment and software. Thus, it is cheaper for medium and large companies to create all the necessary infrastructure themselves (more precisely, it has been created for a long time) than to rent the same from the provider. As an example, let's compare the purchase of a building and the rent of the same building. What to do when there is no money to buy a building? This is the case for small businesses, especially startups, so we will not consider medium and large offices further.
For example, take the organization of accounting in a small business. The cloud service providers in this example will help you to abandon the initial costs and costs of maintaining the hardware and software for the accounting application — you will have to purchase, configure, maintain, etc., as with the local use of accounting software. Is the game worth the candle? Let's count. In order not to advertise companies that provide such services, let's take the cost of one 1C site in the cloud in the amount of 1000 rubles per month. Suppose we need to organize 20 jobs. Total per year for the rental of 1C in the cloud, we will spend 240,000 rubles. Approximately the same amount we will spend one-time purchase of hardware for the server, 1C server license and 20 1C client licenses, but next year we will save almost 240,000 rubles on rent. The benefits are very dubious, and this is not surprising, because cloud companies have to spend almost the same money on the same goals. If a small company needs to save expenses on accounting services, then it may be worth transferring it to outsourcing? As a sweet carrot from using 1C in the cloud, we get:
Now about the disadvantages of cloud services, which so far outweigh all the advantages. The main disadvantage of cloud services is the lack of an adequate level of security. To ensure a security level comparable to a local network, you will have to solve a number of tasks:
What is this about? Mobile access (access not only from a local network, but also remotely) is not only a convenience, but a disadvantage at the same time. If local computers are easy enough to identify (for example, by IP or MAC address), then home devices do not belong to the company, so taking them into account is difficult. Why should we identify the device, can it be easier to identify the user? Then it is impossible to comply with the second paragraph. Why do we need to comply with corporate security policies? Without this, the security of the system cannot be guaranteed. Not only is the cloud a “black box” for a company, but it is also accessed from the “black box”. As an explanation, we take anti-virus protection of cloud 1C. The company cannot control the anti-virus protection of the cloud (at the thread level or at the operating system level), the company also cannot control the anti-virus state of the home device. It turns out that we are working on "maybe nothing will happen." How, then, do large companies provide access to the corporate network from home devices? Providing corporate security policies on home computers when connected to a corporation's network is done using expensive systems for monitoring and managing mobile users and devices.
The second reason for identifying a device, when a specific user is connected, is legal proof that a specific employee did a specific employee from a specific device. It is quite often used at the level of official investigation. Without this, any employee can say: “Whoever could have done this under my account?”
You can restrict access to the cloud only from the local network of the enterprise, but then you will lose mobility, that is, there will be no point in using the cloud (no benefits, no mobility). But even in this configuration, your data, including confidential, is placed on the equipment of the provider. You have absolutely no opportunity to influence the leakage of confidential data. Moreover, you will not even know about it. Even when your company stops using the cloud service, your data will be located “somewhere out there” without any kind of control on your part. This is not a dream, but just a fact that should be considered. For example, the bank card numbers of employees are entered in the accounting system in order to transfer wages to them. Why should some employee of the provider not use this data to improve their well-being? You can not influence it in any way.
The third, quite implicit, problem is the dependence on the provider. Moreover, a letter with a warning about the unavailability of the service then and then it is not the worst thing. For example, back again to 1C, which is famous for too frequent updates and not always in the case. One day, the work of some part of the accounting department can be broken, because after the next update, the technology of accounting for this very area has completely changed. And here the provider? And despite the fact that he is under the contract must carry out this update, but he is not responsible for its consequences. And it does not scare, well, well. Suppose you received a letter in which the provider obliges you to purchase an anti-virus protection service from him, otherwise the provider cannot guarantee the safety of your data. It seems to be all right, but:
“You no longer need the IT infrastructure” is so unprofessional enough to lure into the clouds. That is, according to cloud providers, all employees will become freelancers and will work at home, except that there’s a cleaner who doesn’t need a computer at the office. In general, the topic of remote work has its drawbacks, and not all employees are willing to work like this, but this is a completely different topic. The point is completely different - if you do not have your own IT infrastructure, then you will not have the tools to monitor employees. It is unlikely that such a firm will exist for a long time.
Where should cloud technology be used? Before answering this question, let's separate the public information from the local. Public information, such as advertising for your business, is intended for public use. In addition to advertising, public information may include your company's website, postal service and, with certain limitations, an Internet shop (perhaps in the comments, knowledgeable people will add many more examples of public services). Public services can use cloud technologies; moreover, it is more economical to place public services in the cloud. Local information as opposed to public information has a certain degree of confidentiality. Usually, service information is attributed to the DSP (for official use), but some of the information may be confidential under the law on personal data, for example, the salaries of employees. Moreover, the salary of a particular position may be public, for example, to search for applicants, but the specific salary of a particular individual is confidential. Even more difficult is the case with online store customers, but this is a topic for a completely different article. Even in the absence of any secret, local information is better placed on local resources. They simply have no reason to be in the clouds. Especially strange is the placement of backups in the cloud storage. What for? Too lazy to buy a cheap hard drive and dump backups to it. Or does this backup mean nothing, then why do it?
It turns out that Microsoft again "put on the wrong horse," but this company, as usual, can win, as cloud technology is currently a trend. "How are you still not in the cloud?" And we have been there for a long time. ”At the end of the 90s, Microsoft Office was used as a platform for rapid application development, thanks to the convenient Visual Basic for Applications, now few people remember VBA, but everyone knows Microsoft Office. Moreover, it is considered that this office suite should be installed on every office computer. Now Office is hiding in the clouds, shall we go after him?
For example, take the organization of accounting in a small business. The cloud service providers in this example will help you to abandon the initial costs and costs of maintaining the hardware and software for the accounting application — you will have to purchase, configure, maintain, etc., as with the local use of accounting software. Is the game worth the candle? Let's count. In order not to advertise companies that provide such services, let's take the cost of one 1C site in the cloud in the amount of 1000 rubles per month. Suppose we need to organize 20 jobs. Total per year for the rental of 1C in the cloud, we will spend 240,000 rubles. Approximately the same amount we will spend one-time purchase of hardware for the server, 1C server license and 20 1C client licenses, but next year we will save almost 240,000 rubles on rent. The benefits are very dubious, and this is not surprising, because cloud companies have to spend almost the same money on the same goals. If a small company needs to save expenses on accounting services, then it may be worth transferring it to outsourcing? As a sweet carrot from using 1C in the cloud, we get:
- mobility of access to 1C (that is, accountants can work from a home computer);
- daily data backup;
- regular updating of 1C programs;
- remote support of 1C programs;
- ease and transparency of planning expenses (no more expenses, except for rent).
Now about the disadvantages of cloud services, which so far outweigh all the advantages. The main disadvantage of cloud services is the lack of an adequate level of security. To ensure a security level comparable to a local network, you will have to solve a number of tasks:
- identification of the device and the user entering the cloud;
- checking compliance with corporate security policies of a device that has entered the cloud;
- logging (logging or logging) of user operations.
What is this about? Mobile access (access not only from a local network, but also remotely) is not only a convenience, but a disadvantage at the same time. If local computers are easy enough to identify (for example, by IP or MAC address), then home devices do not belong to the company, so taking them into account is difficult. Why should we identify the device, can it be easier to identify the user? Then it is impossible to comply with the second paragraph. Why do we need to comply with corporate security policies? Without this, the security of the system cannot be guaranteed. Not only is the cloud a “black box” for a company, but it is also accessed from the “black box”. As an explanation, we take anti-virus protection of cloud 1C. The company cannot control the anti-virus protection of the cloud (at the thread level or at the operating system level), the company also cannot control the anti-virus state of the home device. It turns out that we are working on "maybe nothing will happen." How, then, do large companies provide access to the corporate network from home devices? Providing corporate security policies on home computers when connected to a corporation's network is done using expensive systems for monitoring and managing mobile users and devices.
The second reason for identifying a device, when a specific user is connected, is legal proof that a specific employee did a specific employee from a specific device. It is quite often used at the level of official investigation. Without this, any employee can say: “Whoever could have done this under my account?”
You can restrict access to the cloud only from the local network of the enterprise, but then you will lose mobility, that is, there will be no point in using the cloud (no benefits, no mobility). But even in this configuration, your data, including confidential, is placed on the equipment of the provider. You have absolutely no opportunity to influence the leakage of confidential data. Moreover, you will not even know about it. Even when your company stops using the cloud service, your data will be located “somewhere out there” without any kind of control on your part. This is not a dream, but just a fact that should be considered. For example, the bank card numbers of employees are entered in the accounting system in order to transfer wages to them. Why should some employee of the provider not use this data to improve their well-being? You can not influence it in any way.
The third, quite implicit, problem is the dependence on the provider. Moreover, a letter with a warning about the unavailability of the service then and then it is not the worst thing. For example, back again to 1C, which is famous for too frequent updates and not always in the case. One day, the work of some part of the accounting department can be broken, because after the next update, the technology of accounting for this very area has completely changed. And here the provider? And despite the fact that he is under the contract must carry out this update, but he is not responsible for its consequences. And it does not scare, well, well. Suppose you received a letter in which the provider obliges you to purchase an anti-virus protection service from him, otherwise the provider cannot guarantee the safety of your data. It seems to be all right, but:
- why he guaranteed before, and now not;
- why it was not done at the conclusion of the contract.
“You no longer need the IT infrastructure” is so unprofessional enough to lure into the clouds. That is, according to cloud providers, all employees will become freelancers and will work at home, except that there’s a cleaner who doesn’t need a computer at the office. In general, the topic of remote work has its drawbacks, and not all employees are willing to work like this, but this is a completely different topic. The point is completely different - if you do not have your own IT infrastructure, then you will not have the tools to monitor employees. It is unlikely that such a firm will exist for a long time.
Where should cloud technology be used? Before answering this question, let's separate the public information from the local. Public information, such as advertising for your business, is intended for public use. In addition to advertising, public information may include your company's website, postal service and, with certain limitations, an Internet shop (perhaps in the comments, knowledgeable people will add many more examples of public services). Public services can use cloud technologies; moreover, it is more economical to place public services in the cloud. Local information as opposed to public information has a certain degree of confidentiality. Usually, service information is attributed to the DSP (for official use), but some of the information may be confidential under the law on personal data, for example, the salaries of employees. Moreover, the salary of a particular position may be public, for example, to search for applicants, but the specific salary of a particular individual is confidential. Even more difficult is the case with online store customers, but this is a topic for a completely different article. Even in the absence of any secret, local information is better placed on local resources. They simply have no reason to be in the clouds. Especially strange is the placement of backups in the cloud storage. What for? Too lazy to buy a cheap hard drive and dump backups to it. Or does this backup mean nothing, then why do it?
It turns out that Microsoft again "put on the wrong horse," but this company, as usual, can win, as cloud technology is currently a trend. "How are you still not in the cloud?" And we have been there for a long time. ”At the end of the 90s, Microsoft Office was used as a platform for rapid application development, thanks to the convenient Visual Basic for Applications, now few people remember VBA, but everyone knows Microsoft Office. Moreover, it is considered that this office suite should be installed on every office computer. Now Office is hiding in the clouds, shall we go after him?
')
Source: https://habr.com/ru/post/261789/
All Articles