As business executives around the world begin to realize the vast potential of cloud computing, IT managers will have to move quickly to ensure data remains secure and the company stays compliant as it migrates to the new platform.
As is often the case with innovative technologies, cloud security is lagging behind adoption rates. In many organizations, enterprise interest in the cloud has been spurred by the promises of affordability and scalability, and IT professionals are now forced to begin deployments without a full understanding of the risks. In an effort to help technology teams address data protection concerns on the new platform, cloud expert Gilad Parann-Nissany recently shared several recommendations via Sys-Con Media.
Parann-Nissany recommends IT administrators approach the potentially overwhelming task of choosing a cloud provider by beginning at the data level. It is the business' responsibility to evaluate the security mechanisms a storage vendor has in place. This includes the assessment of which security solution vendors support the platform, what data protection features are available out of the box and how well the cloud provider understands best practices.
The data encryption strategy is also particularly important in public cloud environments, cautions Parann-Nissany. Businesses should thoroughly examine the encryption mechanisms offered by the cloud provider and decide whether they might be better served by third-party solutions. Oftentimes, outsourcing these responsibilities is a smart strategy for companies tasked with sustaining aggressive growth.
Regardless of the encryption strategy a company ultimately chooses to pursue, storing encryption keys is particularly important. Many experts advise businesses to keep these keys away from the cloud to improve security. However, this approach requires the company to provision additional resources to store the keys in-house, or partner with another SaaS vendor, according to Parann-Nissany. Alternatively, a number of vendors are beginning to develop key management platforms tailored to evolving cloud environments.
The cloud security concerns that continue to persist among many businesses are, in some cases, perfectly legitimate. The multi-tenancy inherent to public cloud computing poses unique challenges that security experts are still struggling to manage. And, as reported by BusinessWeek, skepticism only grows stronger when smaller firms hear about leading brands such as Amazon, Microsoft and Google struggling with their cloud services.
Despite these concerns, companies should remember that the technology is relatively young and best practices will take time to develop. But in the meantime, a thorough understanding of the principles of cloud computing security will allow companies to leverage the various benefits of the technology without fear of data breach or loss.