Demystifying the cloud: complexities of online asset protection: cloud computing reduces costs and offers flexibility in the way companies manage information.
The common characterization of "the cloud" as some ubiquitous entity can be particularly misleading. "I think the first myth that needs to be dispelled is that the cloud is one thing. It's a broad term for a wide range of solutions. To use a metaphor, when you look up in the sky there are clouds, but there are all sorts of them."
Cloud computing can take place on the premises of a software vendor, in a data centre hosted by an infrastructure provider, or on a company's own servers. It could be situated anywhere in the world, and could house data, program functionality, infrastructure, or combinations of all three. It could be accessed over telecommunications lines, via satellite link, or over the Internet, and could use a variety of security technologies to prevent unwarranted access.
Cloud computing can also find its way into an organization through a variety of arrangements, often unbeknownst to IT and senior management. Software as a Service (SaaS), in which an application is hosted over the web, is rapidly becoming the default delivery method for enterprise software. At the desktop, cloud computing abounds--Google Apps, Microsoft SharePoint Online, and yes, even Facebook--are cloud applications. Then there are online backups, drop box utilities for sending large files, and other services.
This diversity means there is no standard playbook for protecting information assets in the cloud. Managers should focus both on cloud vendors and on internal policies.
Vendor selection and management
Some of the largest data breaches in history are the result of entire facilities being compromised. Suitable data centres should have security certification from organizations such as ISO, and should be equipped with access control systems, intrusion detection, and other technology.
Backup media, if transported, should travel in armoured vehicles.
Assurance has to be provided that any vendor hosting data will not disappear tomorrow.
Third party relationships
These are common in cloud computing, and have to be tracked.
Transport of data
A number of options are available for transporting data over the Internet or through private telecommunications infrastructure. They should be weighed from both a security and a bandwidth perspective.
Placing data in a remote facility may call for the extra precaution of encrypting the data. This has a significant impact on the host's computing resources, and vendor support for this practice must be clearly established at the outset.
Ownership of data
Asserting ownership rights over data hosted by another party requires vigilance. "When your contract with your cloud vendor runs out, how do you get your intellectual property back, and who's going to pay for it?" Charles Cooper, senior product manager, Atria Networks, says.
Without the physical boundaries of a data centre or personal relationships with people who manage the data, rules about how data is protected have to be explicitly defined.
Cloud computing raises the bar around password protection, especially if additional security measures such as encryption are being added. A specific policy that addresses everything from password complexity to the frequency of password changes is essential.
Consumer cloud applications
Millions of employees engage in cloud computing through sites like Google apps, Facebook, and iTunes, often under the radar screen of IT. Written policies governing these activities are essential.
Cloud computing, whether by design or default, is changing the business landscape of IT, and this calls for added attention to data privacy and security. In assessing the approach, it is essential for organizations to factor in the added costs of vendor management, revised employee policies, regulatory compliance preparation, and the potential use of outside security and privacy consultants.
Jacob Stoller is a Toronto-based writer and researcher.
|Printer friendly Cite/link Email Feedback|
|Publication:||CMA Magazine (Mississauga)|
|Date:||Mar 1, 2011|
|Previous Article:||Deal mediation: resolve issues as they arise: using mediator during the early stages of a transaction helps ensure neutrality.|
|Next Article:||Up in the sky: how companies are treating cloud computing.|