
OPEN GI 'CLOUD' SYSTEM


GGCFC68

Question

Open Gi are trying to convince me to go over to their Cloud System, with all of the associated products, benefits etc.

I can see the advantages of doing so but my account manager has advised me (and has double checked his own advice) that my staff will then be able to access our Open Gi system from anywhere, even outside of the office. I don't think I'm going mad here, but why would any broker want to allow staff to do that? I have one person who can access Open Gi remotely from his house, but that is because I authorised him to. I have even put to my account manager why no one had thought of this 'issue' at Open Gi. He has just advised me that they have had a number of comments about this and are trying to find a solution, but there isn't one at the moment.

I assume other brokers who have already swapped to this system are aware of this, but can anyone tell me if they have found their own solution to stop staff accessing the system outside of work? Many thanks.


1 answer to this question


Hi Gary - thanks for raising this one - and a concern for many I'm sure

 

There is a whole debate here around employee trust and general access control for any cloud solution in a commercial environment. One of the "benefits" of cloud-based applications is their accessibility from anywhere (any beach?) in the world - and the converse risk is their accessibility from anywhere (any home!) in the world ...

 

I would start by asking the question as to what restrictions are in place WITHIN the office environment that do not exist when accessing remotely - from "home"? In the office, can a staff member download customer data and copy this to a USB? Can they process unauthorised transactions / payments without supervision? Can they access HNW client data and farm addresses, numbers and personal information for their own use? Can they delete diary records, risk information? Can they falsify history, sales, quotes and other KPI records for their own gain? If they can do this in the office, why would they need to log in from home?

 

I suspect the office risk is only marginally better than an at home risk - but you will need to answer those questions - and all workplaces are different. Whether it's open plan, offices, restricted areas etc - all have risk and opportunity.

 

Putting all the above to one side however, there are (should be!?) many technical options within the provider's capability. Restricting access to known locations (IP addresses) is a simple and effective solution, as well as applying restrictions by time of day and additional monitoring tools to look at user activity and behaviours. These are basic options and relatively easily achievable for any responsible provider - as long as they have the correct network architecture, cloud set-up and a security-conscious approach - oh and the desire to do so ...

 

My recommendation would be to take compliance advice and assess any additional and validated risks with home access to any cloud solution - whether it's OGI, email accounts or phone systems. Part of that process will be to mitigate all known risks, and part of that is to have providers that can offer technical security to meet your needs. It's your data and your business, and under legislation and compliance you are required to protect both.

 

Please post back with the OGI response - meanwhile I'm sure other members here will have their own views

 

Thanks for posting

 

Mark
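
Added example, not part of the original posts and not Open GI functionality: a sketch of the three controls named in the answer above (known IP addresses, time of day, activity monitoring), with a per-user exception like the one authorised home worker in the question. All user names, addresses and hours are constructed, and the check is assumed to run wherever logins are decided (provider, gateway or identity service).

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed policy values (documentation IP ranges, hypothetical users).
OFFICE_NETWORKS = [ip_network("203.0.113.0/28")]
WORK_START, WORK_END = time(8, 0), time(18, 30)
WORK_DAYS = {0, 1, 2, 3, 4}  # Monday to Friday
# Users explicitly authorised for remote access, pinned to a known address.
REMOTE_EXCEPTIONS = {"home.worker": [ip_network("198.51.100.24/32")]}

def evaluate_login(user, source_ip, when):
    """Return (allowed, reasons); deny unless every rule passes."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False, ["malformed source address"]
    reasons = []
    in_office = any(addr in net for net in OFFICE_NETWORKS)
    # The exception is per user: another user at the same address is still denied.
    in_exception = any(addr in net for net in REMOTE_EXCEPTIONS.get(user, []))
    if not (in_office or in_exception):
        reasons.append("source address not on allowlist")
    in_hours = WORK_START <= when.time() <= WORK_END
    if when.weekday() not in WORK_DAYS or not in_hours:
        reasons.append("outside permitted hours")
    return not reasons, reasons

def review(events):
    """Monitoring view: return the denied attempts with their reasons."""
    denied = []
    for user, ip, ts in events:
        allowed, reasons = evaluate_login(user, ip, datetime.fromisoformat(ts))
        if not allowed:
            denied.append((user, ip, ts, reasons))
    return denied

# Constructed sample login events.
SAMPLE_EVENTS = [
    ("alice", "203.0.113.5", "2024-03-04T09:15:00"),          # office, Monday
    ("alice", "192.0.2.77", "2024-03-04T21:40:00"),           # unknown, evening
    ("home.worker", "198.51.100.24", "2024-03-05T10:00:00"),  # authorised remote
    ("bob", "198.51.100.24", "2024-03-05T10:05:00"),          # not his exception
    ("bob", "203.0.113.9", "2024-03-09T11:00:00"),            # office, Saturday
]

if __name__ == "__main__":
    for row in review(SAMPLE_EVENTS):
        print(row)
```
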
