Data protection in the cloud: Solutions
Data Security in the Cloud: Challenges
Overcoming Information Security Challenges in Small & Medium Enterprises
The emergence of the cloud has revolutionized the IT industry and has allowed businesses to reap sizeable benefits. Enterprises are switching faster than ever from owning hardware to applications and services delivered through the Internet, to the extent of reducing earnings projections for traditional technology heavyweights like SAP and IBM. These have been called “the latest ripple effects of a major disruptive shift from onsite hardware-based implementations to cloud-based solutions, amid improving technology and bigger bandwidth to support it.” Frankly, it is a fascinating evolution in cloud technology that is flipping the paradigm around.
However, just as its explosive growth is real, so are the concerns and risks surrounding security and privacy in the cloud. There is data theft aplenty in the world, and in cloud computing, data security challenges abound. On the other hand while these challenges threaten to dissuade businesses from availing data center services, Gartner estimates the cloud industry to reach $250 billion by 2017, and by 2016 over a quarter of all applications (around 48 million) are likely to be available in the cloud (Global Technology Outlook: Cloud 2014: A More Disruptive Phase). Therefore, it becomes imperative for organizations to seek solutions relating to cloud data security. Some of the solutions are presented below:
Ask some fundamental questions: While care of the cloud is more likely to benefit your organization, do not start by harboring inflated expectations. Particularly relevant for startups, the tenant is also valid for mid-tier enterprises that aspire to be the next big thing by firmly clutching the cloud. Find answers to questions such as: How is the cloud offering going to prevent data loss and to what extent, especially in view of the rise of Advanced persistent threats (APTs)? What unique competitive advantage your service provider offers than the others you have evaluated? Are you solely responsible to detect breaches? What contribution can YOU make to control your sensitive data?
Hope on hybrid: In late 2013 Forbes found, “The cloud will be wondrous and fast and secure and reliable…one day. Today, it is not. And until that day comes we have the hybrid cloud.” We are afraid the day hasn’t arrived yet, and we agree it may be fast approaching! We also believe that, despite its limitations, hybrid cloud offers better protection. Cost effective, they combine the best of the two worlds, on-premises and off it. Most importantly, it facilitates the convenience of classification and allows hosting the data in the cloud you are willing to take risk on.
Meet regulatory guidelines: While businesses are keen on using the cloud due to the agility and cost efficiency the infrastructure offers, it is important they understand the security threats and the regulatory landscape involving the cloud. Sadly, amidst all the developments and debate, there are a large number of companies that are struggling with conceptual confusion relating to cloud data privacy laws. At a time when regulatory and compliance concerns are at an all time high, such deficiency can bring disastrous consequences impacting business continuity management. True, the debate surrounding the cloud remains trapped between policy and implementation – both regional and international, but enterprises would do well to comply with regional regulations relating data transmission and storage throughout the life of the data.
Implement an evolved data security strategy: In the face of growing security threats coupled with tightening of regulatory guidelines, organizations need to develop an evolved cloud data security strategy taking a multilayered approach. It is not sufficient for companies to simply rely on intrusion detection systems and leave the rest to reactive response and controls. It is time to go beyond firewalls and limit reliance on monitoring. The comprehensive strategy should include encryption protection and adequate access control measures, and the support of an advanced information security solution.
Adequate protection of data in the cloud is going to remain a constant challenge that needs to be mitigated with a risk management approach since security is about risk management. While a layered approach backed by a combination of traditional models and security intelligence will enable informed decision making, a proven security solution will work as an early warning system providing opportunity to avert any impending risk.
