FINANCIAL AND SECURITY IMPLICATIONS OF CLOUD COMPUTING AND OUTSOURCING OF IT SERVICES

Financial managers and business executives now have another variable added to the list of their worries. The quest to create IT value through IT investments has made organizations to continually embrace cloud computing and outsourcing of IT services. This new trend in the accomplishment of computing services opened up a new concern for business executives- financial and security implications.

CLOUD COMPUTING EXPLAINED

In common parlance, cloud computing is the process of performing computing operations through a computer network connection without having to own or control computing hardware and networking infrastructures. Cloud computing heavily relies on virtualization technology. Think of cloud computing as you having the ability to plug into a pool of computing power and getting your computer jobs done without you having to worry about how to get it done. Just like the way you switch on your power outlet and make use of electricity without having to own or control electricity generating gadgets.

BENEFITS OF CLOUD COMPUTING

The benefits of cloud computing includes: saving overhead costs that relates to; cooling of equipment, electricity, physical security of computers, real estate rent, softwares and computer operators salaries.

Apart from cost reduction benefits, other benefits of cloud computing includes:

  • Scalability
  • Speed of execution
  • Transparent cost drivers
  • Extended benefits of outsourcing

RISKS

  • Loss of control
  • Security
  • Integrity
  • Privacy
  • Availability
  • Financial loss

COUNTERMEASURES

  • Store non private data in the cloud
  • Use data-a-rest encryption when engaging the service of cloud computing vendor for database as a service (DaaS)
  • Retain high sensitive data in-house
  • Avoid establishing contact between data in house and data with cloud computer vendors
  • Secure network connections for cloud administration
  • Diversify i.e. use more than one
  • Audit and log administrative actions and key entry point

Companies can also contact the services of auditors during the contractual level of cloud computing. An auditor will help review the policy of the potential cloud computing vendor’s vulnerability policies. Again, auditors also help ensure that the cloud vendor strictly adhered to relevant legislations like: the Privacy Acts, Gramm-Leach-Bliley Act, etc

The impact of cloud computing on the finance of both companies and individuals as far as InfoTech is concerned. Companies that want to reap bountifully from the competitive advantage that cloud computing and IT service outsourcing have to offer will have to evaluate risks of cloud computing and take appropriate measures to mitigate its effect on the finance of businesses.

SECURITY AND RISK LANDSCAPE OF INTERNET BANKING IN NIGERIA

In the quest to satisfy the ever expanding and insatiable appetite of customers of banks to get an increased access to banking products, banks and other financial institutions continued to deploy sophisticated IT and Network infrastructures to meet their customers’ demands. Internet banking is a one stop option for banks to give online real-time banking access to her customers.

The advent of internet banking in Nigeria altered the risk and security landscape of Nigerian banks. Financial and economic fraud/ crime in the Nigerian banking sector almost tripled since the advent of internet banking in Nigeria. Cases of identity theft increased and a lot of families lost their means of livelihood just as a result of one click of the mouse made by one fraudster in one remote area. All these and many more puts more pressure on bank executives and other stakeholders in the banking sub-sector.

Users’ confidence on banking in Nigeria continues to erode as cases of fraud and economic crime eats deeper into Nigeria’s financial sector. People complain of receiving an SMS Alert by 1:00am that a debit transaction is taking place on their account. The customer may not have access to either internet or the bank at that point in time to stop the transaction from continuing. This situation will not only erode public confidence but will also affect the business of the companies that specializes on the development of internet applications.

INTERNET BANKING AUTHENTICATION AND AUTHORIZATION IN NIGERIA

The increase in the financial losses associated with increased security issues and risks in Nigerian internet banking can be put under control if internet banking authentication and authorization are improved. Most Nigerian banks use static password to authorize and authenticate access. This is a bad practice and needs to be re-evaluated. Multi-factor access control to internet banking is what every forward looking bank in Nigeria and their executives should consider. A multi factor access control is a combination of authentications.

One good practice I have helped a bank in Nigeria implement is the use of Token in combination with static password and user name (ID). The process is simple; every customer that must use internet banking application must be given a token device that will be configured with the accounts. The serial number of the token device would be inputted in the customer’s account. A user of internet banking facility is automatically taken to a token page where s/he is required to input a randomly generated number from the token. With this, the negative effects hackers, pharmers, phishers and other financial fraudsters will be minimized.

If you by chance disclose or expose your internet banking ID and password, the identity theft will still not have access to your internet banking platform except s/he gets hold of your token- which is very rare.

To your internet banking safety!

VALUE OF IT TO THE FINANCE OF OUR BUSINESS

The financial implications of IT on our business are always highly levered. It either pays off bountifully or seriously saps our business off huge financial resources. This situation has caused managers and business executives to take the issue of IT governance very serious. What positive impact is IT having on the finance of a business is a question that needs to be answered by all business executives whose businesses are principally driven by IT.?

Businesses are beginning to rely more on carrying out a VFM (value for money) audit on IT infrastructures. VFM audit of IT simply means taking an in-depth look into both immediately quantifiable and non quantifiable financial benefits that the deployment of IT has brought to our business and finance. It is best practice to carryout this VFM audit on IT before and during early deployment of IT infrastructures. The skill for this valuable assessment of value of IT to our business is what a lot of folks are lacking and that is what this article is all about. I will share my vast experience in the field of finance and information technology. So read on.

IT VALUE FOR MONEY (VFM) AUDIT

IT can enable initiatives, inhibit initiatives or destroy initiatives. The objective of every business is to invest in IT infrastructures that will enable her achieve her corporate objectives. Since the objectives of companies before investing in IT is to add value to the profit line of her business, IT value for money audit seeks to see that IT actually creates value to a business.

Standards need to be established before carrying out an audit on it. So, the first thing that needs to be done is to establish the objective of the company. Once this is successfully established, relationship between the company’s objectives and the features of the IT infrastructure should be established. If they are positively correlated, then the IT investment might be fruitful but if negatively correlated or lack correlation, then the probability of that IT investment seeing the light of the day is slim.

This is a very important first step to take as it gives insight to management as to what should be expected of the IT infrastructure investment. If a bank’s objective for instance is to meet her customers online real-time banking needs, investing in IT infrastructures that does not have such features will definitely yield no returns.

After the above initial analysis, the next thing that needs to be done is to carryout assets utilization analysis or return on investment analysis. This will help the company find out if the IT infrastructure is underutilized or fully utilized. Estimates should be made in cases where it is difficult to carryout a meaningful analysis. Surveys should be used to get an overview of what customers’ satisfaction level is. Else, basic ratio analysis should be used.

Another aspect of needs to be looked into is the know-how of the staff of the business. A company will want to make sure that it has the right kind of workforce with the right IT skills to take full advantage of the IT. A cost benefit analysis of hiring new IT staff and foregoing the benefit of IT should be critically considered.

The above steps should help a VFM IT audit be carried out on IT investments. If done well, the increase losses recorded by companies on IT investments would be reduced drastically. Businesses should no longer make IT budgets and forget about it. IT budgets should be closely monitored in order to arrest the increasing extravagant IT infrastructure expenditures.