When considering one’s options for performance or case management systems, one of the biggest concerns is security. This is because public sector organizations and government agencies usually manage a lot of sensitive data that must be kept private.

This is especially true when the data contains personal information about citizens, clients, customers, and/or service recipients.

One common question we come across is whether a cloud-based system (any system that is accessed over the internet) or an in-house system (a system installed on your computer, like Excel) is more secure.

No system is 100% immune from a data breach; however, cloud-based systems are far more secure than tools like Excel for a number of reasons:

Centrally managed data:

In cloud-based systems, all the data is in one place and is accessible from any computer with an internet connection. In contrast, Excel documents are constantly copied, transferred, or otherwise shared and are almost never the same version. This is because they can be updated independently by anyone with access. With cloud-based systems, everyone is working with the same data. This also makes backing up the data much easier.

Access control:

Access relates to who can see/modify the data. Tools like Excel don’t have an easy or standard way to control who can access data and/or change it. With cloud-based systems, you can more easily manage user access and user roles, and you can keep a log of who has accessed what data and when. Comparatively, once an Excel document is shared with someone, you’ve lost control of who else can see/modify/share that document.

Specialization:

Cloud-based systems are normally designed to do one thing and do it very well. Excel is a spreadsheet tool that has virtually unlimited uses but doesn’t have any controls for specialized uses like case management.

HIPAA Compliance:

Many public sector organizations and service providers are going to look for systems that are HIPAA compliant. HIPAA is a standard for how to protect and secure data. Generally speaking, any cloud-based case management system designed for use in the healthcare industry or public health field is going to ensure HIPAA compliance. This link has some information on what HIPAA is all about: https://digitalguardian.com/blog/what-hipaa-compliance

____________________________________________________________________________

System security is highly correlated with the location of the data it contains. All software has to “live” somewhere on physical equipment (computers). These terms explain where that equipment is and who owns it:

Service provider environment: Data and software are located on a service provider’s (third-party) equipment (e.g., Amazon’s AWS infrastructure).

On-premise environment: Data and software are located on equipment that the business owns and manages (e.g., in-house data centers).

For added clarity, cloud-based systems are generally synonymous with service-provider environments.

Research conducted in the tech field further supports that the location of data correlates with security. Cloud-based systems, therefore, are usually less prone to attack.

For example, Alert Logic’s 2012 Fall Cloud Security Report revealed that “on-premises environment users or customers actually suffer more incidents than those of service provider environments. On-premises environment users experience an average of 61.4 attacks, while service provider environment customers averaged only 27.8.”

It is important to understand that a cloud-based system can be just as vulnerable as an in-house system if the cloud-based system is not developed with rigor around security.

When considering a potential cloud-based system, Deloitte’s Chief Cloud Strategy Officer David Linthicum has some useful advice:

  1. Understand your security and governance requirements for a specific system and/or data store.
  2. Look at how the data is accessed, and look specifically at opportunities to breach.
  3. Vulnerability testing is an absolute necessity, no matter if you’re testing the security of cloud-based or traditional systems. Untested systems are unsecured systems.

Be sure to ask any service provider about their security measures and whether the system is compliant with any government regulations relevant to your agency or organization.

For example, Clear Impact’s case management system – Compyle – is built with a rigorous focus on security and compliance. Go here to learn more about how Compyle can help you safely and effectively manage your client data and support program impact.
