
Poof. And then it was all gone.
Who hasn’t been there? A hard drive that suddenly stops working, a camera’s SD card that no longer functions, or a smartphone full of photos that won’t respond at all. With the advent of “the cloud,” these problems are now a thing of the past. We automatically sync our photos and documents to Apple, Google, or Microsoft servers and trust them to store our data securely and redundantly. In general, this is indeed more reliable than storing your data locally.
But what if you receive a photo through a sketchy WhatsApp group? You know, one of those groups you were added to ages ago, that’s been quiet for months, but you haven’t bothered to leave. And suppose one of the members in that group shares a photo that everyone knows and agrees is totally inappropriate. Before you know it, that photo is synced to the cloud.
In the past, there have been instances where a cloud provider has discovered that you were storing content in your account that violated their code of conduct and subsequently blocked or deleted the entire account. The options for appealing such a decision are often limited. For those who experience this, the cloud suddenly doesn’t seem so secure anymore.
With the rise of the cloud and affordable, reliable, high-speed internet, the integration of IT systems has taken off. This makes sense, as integration offers many conveniences. You can access your documents from anywhere, you only need to log in to a single account, and a change of address in one system is automatically updated everywhere.
Integration also offers significant benefits for IT providers; it is more cost-effective to offer a broad range of functionalities. It is much easier to integrate with a system such as the Basic Register of Addresses and Buildings (BAG) than to build a proprietary database to link postal codes and street names.
Furthermore, a direct link to the source system prevents all sorts of issues regarding accuracy. If there are multiple systems where a person’s email address is stored, and these systems do not communicate with each other, how do we know which email address is correct?
In many situations, integration is therefore highly recommended.
However, from a risk management perspective, there is an additional consideration: integration also creates dependencies. Single sign-on (SSO) is a solution for people who would otherwise forget their passwords, and it makes it possible to remove employees who leave the company from all linked systems at once. But what if there’s an outage at the SSO provider and your colleagues suddenly can’t access all sorts of other important systems either?
By decoupling systems or using a "temporary" copy of data, these dependencies are reduced. In CrisisSuite, for example, when connecting to an HRM or document management system, we create a local copy of the files and personal data so that we still have access to them even if the organization’s IT infrastructure becomes inaccessible or insecure. This makes the system more robust.
As is often the case, the choice ultimately comes down to weighing the pros and cons of the various options. In practice, it is usually fairly straightforward to determine which dependencies are acceptable and where they are undesirable. However, this does require us to make a conscious decision.
In the business world, we see that many CISOs, IT managers, and crisis coordinators are actively working on this. That’s a good thing, but many smaller organizations could stand to take a more critical look at this.
In their personal lives, many people don’t give this a second thought, even though losing access to all their photos and documents can cause a great deal of frustration and sadness there as well. What’s more, the aforementioned cloud providers often make it so easy to link everything together that you really have to be quite determined to keep certain things separate. Still, I’m convinced it’s worth the effort.