OPEN GI 'CLOUD' SYSTEM

[GGCFC68]

Open Gi are trying to convince me to go over to their Cloud System, with all of the associated products, benefits etc.

I can see the advantages of doing so but my account manager has advised me (and has double checked his own advice) that my staff will then be able to access our Open Gi system from anywhere even outside of the office. I don't think I'm going mad here but why would any broker want to allow staff to do that ? I have one person who can access Open Gi remotely from his house but that is because I authorised him to. I have even put to my account manager that why had no one thought of this 'issue' at Open Gi. He has just advised me that they have had a number of comments about this and are trying to find a solution but there isn't one at the moment.

I assume other brokers are aware of this who have already swapped to this system, but can anyone tell me if they have found their own solution to stop staff accessing the system outside of work. Many thanks.

[Mark Sollis]

Hi Gary - thanks for raising this one - and a concern for many I'm sure

 

There is a whole debate here around employee trust and general access control for any cloud solution in a commercial environment. One of the "benefits" of cloud based applications is their accessibility from anywhere (any beach?) in the world - and the converse risk, is their accessibility from anywhere (any home!) in the world  ...

 

I would start by asking the question as to what restrictions are in place WITHIN the office environment that do not exist when accessing remotely - from "home"? In the office, can a staff member download customer data and copy this to a USB? Can they process unauthorised transactions / payments without supervision? Can they access HNW client data and farm addresses, numbers and personal information for their own use? Can they delete diary records, risk information? Can they falsify history, sales, quotes and other KPI records for their own gain? If they can do this in the office, why would they do they need to log in from home?

 

I suspect the office risk is only marginally better than an at home risk - but you will need to answer those questions - and all workplaces are different. Whether it's open plan, offices, restricted areas etc - all have risk and opportunity.

 

Putting all the above to one side however, there are (should be!?) many technical options within the providers capability. Restricting access to known locations (IP Addresses) is a simple and effective solution as well as applying restrictions by time of day as well as additional monitoring tools to look at user activity and behaviours. These are basic options and relatively easily achievable for any responsible provider - as long as they have the correct network architecture, cloud set-up and a security conscious approach - oh and the desire to do so ...

 

My recommendation would be to take compliance advice and assess any additional and validated risks with home access to any cloud solution - whether it's OGI, email accounts or phone systems. Part of that process will be to mitigate all known risks and part of that, is to have providers that can offer technical security to meet your needs. It's your data and your business and under legislation and compliance, you are required to protect both. 

 

Please post back with the OGI response - meanwhile I'm sure other members here will have their own views

 

Thanks for posting

 

Mark