Protecting Data in the Cloud

Data is the most important element in today’s agile, customer oriented business environment. And IT organizations are held responsible for access to that data, its stability and its security.

“It’s the data that’s the important thing,” says Diana Kelley, principal analyst with SecurityCurve, a research and consulting firm. “As enterprises send their data to devices they don’t own in the cloud, the question is, how can they give this data the best protection possible?” Kelley also notes that one of the best security solutions for cloud and virtualized environments “is data-centric, file-level encryption that is portable across all computing platforms and operating systems, and works within a private, public or hybrid cloud.”

When determining how to address data security responsibility, there are several ongoing developments around the business and enterprise organization that IT managers should take into consideration:

• The data center is no longer a monolith of mainframe technology: The glass house is gone. Data resides where it needs to, and on whatever platform that supports it, including the cloud. This means that securing data on any and all platforms is necessary.
• More and more people have access to an organization’s data: This includes not only employees throughout an organization, but customers, partners, and third-party contractors. Now cloud storage providers have access to the data as well. Assigning and maintaining proper levels of security for all these various constituencies is worrisome and complicated at best.
• Employees today are able to do more with the increasing amount of data that they can access: The consumerization of IT has meant that cloud services and applications employees use outside of their work space are being used to transfer or store corporate data, often without any IT involvement. This increases the risk of malicious behavior and unintended breaches, and makes data security a moving target.
• Compliance is a growing burden: The alphabet soup of regulations—SOX, PCI, HIPAA/HITECH, FISMA2, and standards like FIPS 140-2 and OMB M-06-16—is more likely to be a bigger issue rather than smaller in the future. Data security and regulatory compliance remain important in the cloud.

These factors contribute to the new data landscape, and demand a proactive—not a reactive—security stance. What does that mean? It means security should be an imperative for everyone in the organization, and from the top down. It means all corporate computing devices must be secured effectively and efficiently. Finally, it means data should be secured at the individual file level, not the platform or service level.