With the recent report that the FTC is considering a request to shut down Google Apps, the question of Cloud Security has come up and with it the question of if data in the cloud is risky. Of course only the government could hold a two day hearing on whether or not data in the cloud is at risk.
With the recent report that the FTC is considering a request to shut down Google Apps, the question of Cloud Security has come up and with it the question of if data in the cloud is risky. Of course only the government could hold a two day hearing on whether or not data in the cloud is at risk.Data is always at risk. No matter if its in the cloud, on your servers and especially on your user's laptops.
You can certainly make the case that the data you control is safer. This assumes that data in your local data center is not at risk. Its safe to assume you have safeguards in place so that no one can hack into your network and get to your data, yet we see reports almost daily that this happens. I also assume that you have taken appropriate measures to make sure no one can walk out of your buildings with a USB drive full of customer sensitive data. Is it also safe to assume you have locked down every laptop that goes through the front doors at night? Is it safe to assume that you have auditing capabilities so you will know if the spreadsheet containing sensitive payroll data has been emailed to a gmail account?
Software from companies like Symantec, Promisec and Cofio Software can help implement and administer all that security and endpoint protection. Archive storage companies like Permabit, EMC and NexSan have the ability to encrypt data that is stored on their servers. So the question is have you?
But what about cloud storage? Just like local storage, if you take advantage of available safeguards it to can be secure. As we discussed in our article on Cloud Archiving, companies like Iron Mountain, Nirvanix and Bycast have the ability to have a mixed deployment model with local appliances to cache data before being transfered to the cloud storage data center. This data can be either encrypted by third party utilities prior to data movement or the local appliance itself can do the encryption.
Additionally then most archive focused solutions, be they cloud or local, have retention management capabilities built into them. That allows you to lock down data for set periods of times based on compliance or regulatory demands.
A Cloud Storage Provider, using either traditional archive solutions or cloud specific solutions can offer management of that retention as part of that service. Many businesses are either too small or too busy to understand exactly what the legal requirements are for their retention of data. Outsourcing that to someone that has the expertise and the focus to apply best practices and manage it for you may be the safest and most cost effective decision of all.
George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.