Despite the benefits of and advancements in anytime, anywhere computing, some contractors remain skeptical about the security of many software applications, with confidence ranging from total and unquestioning to hoping for the best with ad hoc safety measures to absolutely zero.
A 2015 survey of construction companies found that more than 20% of respondents were unsure whether they had any cloud security policies or procedures at all.1 And, AGC’s 2016 Construction Hiring & Business Outlook Survey national results found that less than half of respondents had mobile security policies in place, with 40% citing security concerns as the primary reason for not using cloud-based software.2 In all of this uncertainty, many just aren’t willing to take the gamble these technologies appear to represent.
Cloud Computing: An Ambiguous Concept
How “the cloud” is understood varies widely and is often debated. In broad terms, the National Institute of Standards and Technology defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” JBKnowledge, Inc. translates this to mean “computing, storage, and data transmission that is available, anywhere, anytime, on any device, in any capacity or location desired.”3
Put even more simply, it means computing over an internet connection, which includes Software-as-a-Service (SaaS) as well as mobile applications that sync with another server, like an office computer.
So are cloud-based accounting programs and jobsite mobile apps secure? To help answer this question, here are a few facts that construction companies should know.
Data Security Begins at Home
While it might come as a surprise, one of the biggest threats to data security is an internal breach, rather than hackers coming in from the outside, that results in data exfiltration – the act of moving data out of the system. In other words, if infiltration is breaking and entering, then exfiltration is the act of burglary. An Intel study found that more than 40% of instances of data exfiltration were performed internally, whether that was with physical media like USB drives or with various web-based methods like e-mail.4