Cloud Computing for Small Business: Criminal and Security Threats and Prevention Measures

Article excerpt

Cloud computing refers to the delivery of computer processing infrastructure, operating systems, software and data storage over Internet-based public or private computer networks. The aim is to relieve users of some of the burdens associated with maintaining computers and data storage, while enabling the associated costs to be reduced. Although cloud computing is still developing in popularity and coverage, its use raises a number of crime and security concerns, particularly for small business users. This paper charts the nature of these concerns for small business and reviews the detection, prevention and mitigation measures that may be implemented by small business users and cloud service providers to minimise or negate the risks identified.

The small business computing environment

The Australian Bureau of Statistics (2001) defines a small business as one employing fewer than 20 people and includes sole proprietorships as well as partnerships without employees. As at June 201 1 , small businesses represented 96 percent of businesses in Australia (ABS 2012). Small business suffers from what Welsh and White (1981 : 32) describe as 'resource poverty' compared with larger organisations. This includes limited in-house specialist technical and/or legal knowledge necessary to evaluate and capture the benefits of new operational services and technologies. It is also a very time-constrained working environment, where personnel frequently work overtime in order to complete necessary tasks. Small business has limited access to financial resources and inconsistent cash flow, as well as limited bargaining power. Arguably, there is a need for greater tolerance to risk, with many Australian small businesses experiencing low survival rates- in any one year, more than 15 percent of all small businesses can be expected to fail (DIISR 2011).

In relation to information and communications technologies (ICT), small businesses may seek to save costs by using laptop computers, tablet devices and mobile phones for both business and personal use. ICT is also often shared among personnel and small businesses are more likely to have poorly setup and maintained firewalls, virus protection and other security software than their larger counterparts.

Small businesses face a number of computer security threats and may lack the time and/or technical resources to install software updates and patches to fix software and security bugs or address wireless network security, rendering them vulnerable to network exploitation (Hutchings2012). Finally, small businesses are always on the lookout for new tools and are willing to adopt alternative software applications. These aspects all create vulnerabilities in terms of computer security and safety.

One solution that is gradually being adopted by small business is to make use of so-called 'cloud computing'. Cloud computing includes the delivery of computer processing infrastructure (Infrastructure as a Service- laaS), operating system platforms (Platform as a Service- PaaS) and/or software, databases and storage as a service (Software as a Service- SaaS) on demand over either a public or private computer network (Meli & Granee 2011). The range of cloud computing services (including some that are provided free of charge) that meet the particular needs of small business is vast and growing rapidly.

There are many benefits to be derived from cloud computing for small business including improvements in cash flow, reduced administrative and personnel overheads, more efficient setup and maintenance of ICT, and improvements in computer security, particularly with respect to the secure storage of sensitive information (Mowbray 2009). Finally, cloud services replace the need for frequent software installation and updates, and their accompanying service downtime.

While cloud computing holds great promise for small business, it does not completely remove all ICT overheads. Small businesses remain tasked with engaging other subscription services, such as an Internet Service Provider. …