Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Defending data with a secured cloud strategy

Loh Ching Soo | May 3, 2012
Key aspects that organisations need to look at in developing a secured cloud strategy.

In a recent post in Forrester's Vendor Strategy Blog, Michael Barnes, Principal Analyst for Vendor Strategy Professionals, wrote that more than 50 percent of organisations surveyed in Asia Pacific excluding Japan are either currently using or actively planning cloud initiatives.

Forrester's survey results also demonstrated a "surprising degree of maturity" across the region, underscoring the increased interest and adoption rates of cloud and virtualisation among Asia's businesses.

Loh Ching Soo
Loh Ching Soo

Despite this, the same report found that as many as 31 percent of organisations in Asia Pacific do not currently have a formal cloud or IT strategy in place. This is a significant finding, as the success of any cloud implementation does indeed rest on a solid transformation strategy.

Making the move to the cloud can be daunting as it compels CIOs to look at multiple issues – such as storage and server consolidation, automation and human resources – at the same time.

One important consideration in any cloud implementation is security. Here are key aspects that organisations need to look at in developing a secured cloud strategy.

1. Streamlining security and compliance
Security in the cloud era demands sophisticated solutions that not only address common threats but also help organisations meet compliance requirements. A strong cloud security policy clearly defines processes and procedures designed to protect against unauthorised information access from within and outside the organisation.

In a cloud environment, data control and ownership can cross organisational boundaries and extend into the service provider infrastructure. Prior to the move into the cloud, CIOs must conduct risk and compliance gap analysis to formulate a robust security plan. Additionally, a reference architecture can help ensure that proper security controls have been defined to cover all possible security threats. Internally, individual business units within the organisation may have differing needs and specific authorisation levels.

Issues of privacy and data integrity must be centrally managed and addressed to ensure effective and efficient security management. Solutions that can address the need for multiple layers of security include a secure multi-tenancy (SMT) architecture approach. Some SMT solutions integrate secure multi-tenancy with automation to achieve greater efficiency while mitigating operational configuration errors.

2. Data encryption as a second line of defence
Apart from securing your data from external attacks by setting up firewalls, data encryption can provide an additional level of defence. This is especially important for organisations that operate on public clouds where security controls are managed mainly by the cloud service provider. The concept of data encryption is not new.

However, in a shared infrastructure, companies need a centralised enterprise key management solution. Critical data can be found in applications, databases, file and storage systems and virtual machines.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.