Cloud computing holds considerable promise and possibilities, but you’ll get much more out of the experience if you’re prepared.
For many, the cloud is an attractive proposition. It offers seemingly limitless storage options, cost savings for companies looking to reduce the premium space they need for datacenter storage, and increased efficiency with data and applications shared over the Internet.
However, most companies have numerous questions about security and access control for cloud applications. How can your organization make the best use of this evolving resource and keep your corporate data safe and secure?
When you board an airplane you’re asked to buckle your seat belt and listen to an important safety announcement. The same should be true before you propel your data down the runway and jet off to the cloud. So, what’s in your safety demonstration prior to boarding for your trip to the cloud?
If you’ve flown before, you know there’s limited space in the cabin. The majority of your luggage has to travel in the hold down below or in the overhead bin. Therefore, when you pack, you make sure you’re carrying your most valuable items in your in-flight bag. For a company’s data, it’s not all that different.
Before packing your data to send it off into the cloud, you need to sort, categorize and classify it. Not all of your company’s data will be suitable to store in the “hold.” If the data contains sensitive customer information that could damage your organizational reputation if compromised, then you need to ask yourself if you should really store that in the cloud. The answer will likely be no. You can store less-sensitive data with a cloud provider, and keep the critical sensitive data at your company headquarters.
Before you get anywhere near an airplane, or get your luggage stored in the hold, you have to pass through stringent security checks. Authorities will need to examine your passport or other government ID card. Legitimate travelers will have the correct documentation and will be allowed to pass through. Those who don’t will be identified and prevented from going any further, and prevented from causing any damage.
Assuming you’ve decided to store your data in the cloud, you need to make sure your “passport” controls are just as effective. This means security access control. You need to ensure that only authorized users can get into the data, and that they can only get into that data to which they legitimately have access.
If your security and access policies are too stringent or time consuming, legitimate users may not be allowed access. On the other hand, if they’re too easy, anyone can get in and violate the data.
Providing flexible access may mean your users will want to use personal devices from outside the corporate environment. This can open a whole can of worms, from a management and access-control perspective. Those outside devices may be infected with viruses or other malware that could jeopardize the security of your data or applications.
You keep your data password-protected in the real world. In the virtual world, you need even stronger safeguards. The question you have to ask is whether cloud security offers a comfortable, effective data security plan. If you can’t guarantee the security of your data, then you need to reconsider your move to the cloud.
Seatbelts are essential for safe air travel. Could the same be true for traveling to the cloud? New encryption software is actually designed to protect data stored in the cloud. AES 256-bit encryption is accepted as the most secure option in the real world, so you shouldn’t go with anything less for virtual storage.
You really need to know how secure your cloud storage provider is in the first place. If you have any doubts, you should shop around for another provider.
We’ve all had a vacation that didn’t quite work out the way we had imagined. We may have missed travel connections, or the weather didn’t cooperate. Moving to the cloud is similar. It isn’t suitable for everything or everyone. You need careful consideration and planning to ensure you’re migrating the right applications and data to get the maximum benefits from the increased efficiencies and lower costs.
Another element to consider is download speed. Bandwidth certainly shouldn’t be the only consideration when selecting a cloud services provider, but it’s still an important factor. You need to balance this with quality of support, pricing, features and reliability.
One final consideration, having planned your migration to the cloud, is to ensure you have a dependable escape route if something happens with your chosen provider, either from a technological or business perspective. If something goes terminally wrong, how will you reclaim your data? Are you locked in for a certain period of time? Will they help transfer your account and your data to another provider?
The cloud environment will likely be compromised at some point, probably in the not–too-distant future. IT analyst firm Gartner Inc. advises businesses to work closely with their cloud providers to ensure that potential security issues are flagged and dealt with before they become a problem.
Don’t be blinded by promises of performance or cost savings. A security breach could quickly eradicate both of these benefits. A serious enough breach could potentially deal a fatal blow to your organization. So be warned, and be careful as you prepare to move to the cloud.
Andy Cordial is the managing director of Origin Storage. He started his computer career with tape manufacturer Everex Systems. He then moved into computer distribution in 1989 and set up his first computer company, XL Distribution. In 2003, he invested in Origin Storage and continues to help build that business.
Not a TechNet Subscriber?
Confidently evaluate Microsoft software and plan deployments with a Microsoft TechNet Subscription.