Cloud computing has changed the way that companies do business. The ability to leverage economies of scale have allowed businesses to stretch scarce resources – the old “do more with less” mandate with which companies, and particularly IT departments, are often hit during tight economic times. But while private clouds can make it easier for organizations to build availability and scale resources, it can also make data protection in the cloud more complex.
A recent article in Datamation titled “Private Cloud: 5 Myths Exposed” points out one of the primary security hiccups for moving to the cloud: “The risk is that you will end up having a different set of security tools for private servers versus public servers. This means you just doubled your security work and will have inconsistent controls between the two.” We know from experience that adding complexity can have a detrimental impact on data security. So how do companies take advantage of the benefits of cloud computing without adding potential vulnerabilities in their data protection strategy? Build a portable cloud security strategy.
At a basic level, security must be decoupled from the underlying hardware and made more portable. This can be accomplished with centralized policies for data encryption and access controls. Building centralized policies means that the protective measure in place (whether encryption or access controls) can follow the data irrespective of where that data resides or where it is moved. The cloud offers tremendous capabilities to companies managing tight resources. With that, though, comes different challenges in the realm of data protection. Managing security in a way that is flexible and scalable can help companies realize all of those benefits without introducing new risks.