By Luke Mead, CEO of IT company LMS Group, which he founded when he was just 15 years old. LMS Group is a Microsoft Gold and Cisco Select partner, runs telephony services for NHS health centres and has over 200 clients across the world. Luke, 29, is a keynote speaker on cyber security, business IT alignment, and technology in the workplace. In 2011, he was voted Sussex Young Business Person of the Year

Your cloud bill is one of your highest business expenses after staff salaries so it’s

important to make sure you are maximising returns. The first step to cloud management and optimization is to get the full picture of what your company is using as it’s impossible to optimize your cloud if you can’t see what is going on. Once you have better visibility you can evaluate whether your current cloud utilization supports your organisation’s goals.

Cloud technology means we have the power to work from anywhere but, in truth, no-one actually needs to work from ‘anywhere’. It often makes sense for businesses to put in place geographic controls which, for instance, make it so that only people in the countries where staff are located, can access their systems.

It’s also important to control user access and the devices they use to login to your systems. Multi-factor authentication is a must for any business because basic password-only authentication provides no defence against sophisticated phishing attacks.

Why it’s worth the cost

While it’s easy to focus on the price tag of your cloud bill, it’s a better idea to ask yourself what the value of your cloud is, since this is what actually matters to your business’s success. Organisations often approach cloud operations from the wrong direction which ultimately results in higher OpEx costs with little value added.

It’s entirely possible to create an office anywhere. It’s zero touch and everything can be accessed remotely, so onboarding staff members and adding new customers or suppliers can all be done without travel. It can also be very secure, when implemented correctly. However, many organisations are led to believe that security is already in place when it is first set up, which is often not the case.

How to implement your cloud-based system

When implementing a cloud-based system the best approach is to work backwards starting with the goals in mind.

Luke Mead

Then consider what systems will best achieve those goals. Generally it’s best to keep it as simple as possible – everyone should will typically have one laptop and one mobile, and these are their sole devices and only they use them.

You can allow personal devices (BYOD- Bring Your Own Device) to be used but, if these are unregulated and able to access company systems and data such as email, then you’ve got a potential breach on your hands.

How organizations unintentionally hinder their own cloud operations

It’s key you know where all of your data is so that everyone in your team can access it and it can be kept safe. Some businesses have data siloed in a variety of places and this makes secure working from home harder and less manageable. Ideally, you want your staff members to be able to login once by using a single sign-on and then access everything they need from their device. Access to systems can be limited to working hours, location, user and device but only if this makes sense to the organisation. Data is the new oil, so make sure you know where you’re keeping your reserves and where your pipes are going.

Keeping your cloud systems secure

Cloud technology can be very secure, as long as you have some key controls in place. For instance, all devices need to be registered and enrolled, so only company approved devices and approved users can access the system. Also, limit the number of devices people use so they can only use one laptop and one mobile each. Location controls should be put in place so only those in the UK can get in – this removes the threat of the majority of the world’s hackers.

There are costs associated with cyber security, but they are usually manageable. However, the costs of a major data breach or a ransomware attack, to both the finances of your business and your reputation, are not. Staff working from home are now being seen as soft targets, but they don’t have to be. Never compromise on security, develop clear policies, spend what is necessary and keep the hackers out.