This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
Last year, Akron, Ohio experienced a cyberattack that took out many of its servers, computers, and technology systems for about two weeks. This cyberattack affected critical systems such as Akron’s online 311 system. According to GovTech, “The city's response included a direct appeal from Mayor Dan Horrigan to Ohio Gov. Mike DeWine for National Guard assistance. The FBI joined the Guard's cyber team and the city in an investigation that will take weeks or months.”
The GovTech article points out that, in the wake of the cyberattack, Akron considered switching to the cloud to mitigate future risk. For many years, we’ve written blog posts about why towns and cities should consider the cloud, and we’ve helped municipalities transition from on-premise hardware to the cloud. While a few rare situations may not apply, the cloud is generally a great option to help fend off cyberattacks and reduce liability in case a cyberattack occurs.
So how does cloud technology help with your cybersecurity and liability? Here are four ways.
1. Resiliency against Cyberattacks
If your servers get attacked, they often stand and fall based on your limited IT staff or single-person vendors who take care of them. We see many instances where towns and cities just don’t have the appropriate resources, budget, or expertise to keep up with security patching, proactively monitor for security risks, and provide an appropriate and immediate response after an incident occurs. As a result, servers, computers, software, and systems often have gaping security holes that make them a ticking time bomb ripe for a security incident.
When you instead store and access your information in the cloud, which only requires a computer and internet access, then you eliminate the need to maintain and secure hardware onsite. Cloud providers host your applications in massive data centers where they are always staying ahead of security threats. While you will still need to take some security precautions on your own, cloud applications often cover certain basic security fundamentals that decrease the chance of a cyberattack occurring.
2. Lessened Risk of Permanent Data Loss
Data backup and disaster recovery is ideal for the cloud, especially with offsite data backup to help with disaster recovery. In the cloud, snapshots get taken of your information, systems, data, and files at various points (such as once a day). Let’s say you experience a severe ransomware attack. You would have the option to return to a point before the ransomware attack (such as one or two days before). You may lose some data, but not as much if you had your own servers onsite and they were unusable.
With cloud data backup and disaster recovery, you would still need to test these backups to make sure that you can restore critical systems and information. But once you restore that information, you can be up and running in hours or days after a cyberattack—rather than weeks as in Akron’s case. Cloud data backup also works great for natural disasters such as hurricanes, tornados, or fires.
3. Access to Information Anywhere/Anytime After an Incident
It’s important to note that you also have access to your information anywhere/anytime all the time with the cloud. However, this feature of the cloud is especially important after a security incident. Let’s say some computers get infected with a virus or ransomware attack. After the systems are restored to a healthy state, you simply replace the infected computers with new ones and connect to your applications as if nothing happened. You can even access your systems from home, while traveling, or (in case of a natural disaster) from an offsite location in case city hall is destroyed.
4. Scalable Technology at Lower Cost
Cloud applications also scale up and down based on your needs. This reduces your upfront investment and ongoing costs, while also eliminating the costs of maintaining hardware. A great thing about cloud technology is that large cloud providers are able to offer incredibly advanced data center technology and application services to many, many organizations. Similar to a municipal league’s insurance risk pool, the volume of customers all receiving the same services allows cloud providers to keep costs low.
Part of those low costs come from giving you exactly what you need. Instead of buying software licenses that might be overkill for your municipality, you can granularly select a certain number of users served per month and adjust that number every month as needed.
How does this impact security and liability? You can select only the users you feel need access to certain applications, restrict their access to certain information, and delete users easily if they are terminated or leave your municipality. By giving specific users exactly what they need to do their jobs, you lessen the risk of unauthorized individuals accessing sensitive information.
In the interviews with Akron officials, they now wisely see the benefits of the cloud. Your municipality doesn’t have to wait until a disaster occurs. Act now to assess your hardware, software, and systems and look for opportunities to mitigate the risk of a cyberattack by moving to the cloud.