The concept of “the cloud” has been discussed as a strategic issue in business organizations for a long time because the amounts of corporate data constantly grow, requiring new forms of IT infrastructure solutions. This trend justifies the fact many businesses have already shifted their files to server space rented from external – cloud providers. However, there are still many issues that need to be resolved before a company makes a leap to the cloud, and these issues are primarily related to data security and privacy.
One of the basic discussions related to the cloud is definitely the choice of a suitable platform, i.e. public or private servers. Private data centers are often seen as the most secure forms of data storage but this is a costly investment which still doesn’t guarantee a 100% security. This is why organizations sometimes simply adopt multiple platforms and distribute their data across both public and private clouds, thus making a customized, hybrid environment for their workloads.
However, when it comes to security, the main assumption is that the type of cloud is as important as the type of data protection the organization itself deploys. This means that even if your data is kept locally on well-protected on-premise servers, there are still possibilities they get lost or misused, if appropriate security measures are not implemented.
Therefore there are three most important areas that should be strictly controlled, regardless of a type of platform a company uses:
- Data management. Deploying internal management teams to configure and maintain servers is often seen as the major advantage of the private cloud. No organization would easily rely on external stuff when it comes to data protection. However, an internal team doesn’t necessarily lower the chances of data being distributed outside the company. Before the rise of the cloud most of the company’s infrastructure related to data protection and management was fully internal. But there were security breaches back then, too.
- Encryption. Organizations are generally afraid of having their data exposed to the third parties and this is one of the primary inhibitors to implementing public cloud solutions. Most public cloud vendors offer server-side encryption that doesn’t sound very safe since it still means that authorized employees would be able to access your data. Basically, as long as the encryption is stored at the same place as the data, there’s a possibility of an unauthorized access. Therefore, organizations should find the ways to implement their own encryption instead of relying on the vendor’s security measures. With the latest buzz around the leaked NSA data monitoring activities, the necessity for high encryption standards has become even more striking, which motivated leading IT experts to announce that 2014 would be “the year of encryption.”
- Data access. The full control of who access data and from where is equally important in both private and public clouds. Only the persons of trust and reputation should have the access to the most sensitive data, while identity management and individual authorizations must be properly conducted
Different surveys tend show highly variable results when it comes to companies’ overall satisfaction with the cloud. Some report that CIOs generally had much greater expectations from the newly adopted technology but most companies express their satisfaction with the public cloud despite its shortcomings. The 2012 Future of Cloud Computing Survey showed that the users generally believed the cloud was a safe place for mission-critical applications, which triggered a somewhat accelerated transition to public servers. However, many businesses still remained loyal to their local servers, believing that traditional infrastructures could fit their needs better than anything else.
Obviously, a solution to the dilemma depends upon the company’s particular needs and wants. It seemed that the year 2012 didn’t much space for resisting the cloud and this only increased the cloud adoption rates over the last two years. However, not all the companies embraced the cloud, which is perfectly reasonable. Nevertheless, they still need to keep learning about the best practices in the cloud and make sure their data storage decisions are made based on this knowledge.