How do you Protect Information in and from the Cloud?
The more I'm on the road meeting with customers, partners and industry colleagues, the more I'm convinced we've come to a crossroads, where traditional client server IT is now finally giving way to a more flexible and accessible information-driven alternative.
This may be familiar to many already; however there’s no doubt that a sea change is taking place in the conversations on this subject from a year ago compared with where we are today. The underpinnings of that change are not entirely driven by technology but by the world of the Digital Native. The Digital Native was born into a world of Internet, readily available access to all information and having an "always connected" lens on the world. The Digital Native uses his or her social networks to communicate, is open about it, and only engages with the enterprise if enabled to interact in this relatively new form.
Why, you might think is this relevant to a discussion about Cloud and protecting the information within? The answer lies in the hardware of choice for the Digital Native: the mobile device. These powerful, smart and instant on devices are used by the Digital Native to work and play freely in a connected world. This phenomenon has taken the industry by storm and is making IT managers gasp for air as they try to keep their IT structures aligned and protected. The access anywhere principle of mobile has given Cloud its next reason for existence.
Most discussions on Cloud adoption initially were about agility enhancements to the internal datacenter—requiring such innovations as multitenant applications and 'pay-as-you-go' functionality for departmental charge back. However, the real strategic IT value will come from efficiently adopting Cloud and Cloud services to either build, consume or extend your business expectations and accommodate the requirement for ever faster and more flexible choice of application services.
Whichever IT industry analyst report you look at, each one points to the same conclusion: investments in Cloud (private and public) adoption will reach as much as $60 billion worldwide (IDC prediction) and will shift from an infrastructure conversation to an application and information focus.
As Cloud gains traction, public Cloud services have been adopted particularly quickly, introducing low level services such as antispam, basic gateway security and reduced on-premise archiving through solutions such as Symantec.Cloud. However, as the confidence in Cloud matures and grows, we are seeing organizations starting to adopt more mission-critical application services such as CRM, ERP, eDiscovery and for example SAP's Cloud solutions such as SAP Travel OnDemand.
The key word here is confidence. In recent Gartner Cloud adoption studies, security is still called out as the number one concern amongst many enterprises. Their key questions are related to data privacy: how do I know who has access to my data in the Cloud? How do I control the flow of my information in the Cloud once outside my perimeter? And how do I ensure the right usage policy for my employees?
Whilst all these concerns are entirely valid and the efforts to combat them (via standards for example) are good, the Digital Native will not wait patiently on the sidelines. They are already connecting to a Cloud service using their own smart device—sharing your confidential information in what's very likely a non-compliant Cloud service!
During a recent presentation at a sizable organization, for instance, I asked a room of about 100 people how many were using an external Cloud storage service to share company information. About 85 percent raised their hands. I did not count the number of iPads in the room but at least 50 percent of the audience had one, despite the fact company policy did not permit the purchase of tablets. This may only have been a straw poll, but it mirrors the situation today and without action, your confidential data could be tomorrow's headline news!
All of this raises the inevitable question: how do I protect my information in and from the Cloud? As in most situations, it is vital to assess your risk when adopting a Cloud service. Does the partner have sufficient measures in place to ensure my data and applications are secure even in the case of bankruptcy? Ask yourself how your current on-premise security protects your information and identities. Would the same protection be effective outside the firewall? Lastly, and fundamental to effectively managing information in a region like Europe, ensure you have a strong governance framework in place.
These three principles are the foundations for an effective Cloud security posture and will ensure your information and identities are protected—no matter whether using private, public or any other form of Cloud.
As the number of public Cloud services increases, so does the need to maintain centralized access and governance control. In reality what you need is a layer above the Clouds that will help your users access Cloud services with confidence and trust. As the leading provider of Cloud security, Symantec has developed a single sign-on platform to access authorized Cloud services securely and with the proper governance controls to prevent data loss, and to secure the encrypted transfer of company sensitive information to the Cloud.
On an individual Cloud service level, security technologies such as data loss prevention, encryption, and user authentication are key but must work hand in hand as part of complete and integrated security strategy.
How do IT strategists and decision-makers strike a balance between the tremendous potential of cloud computing and the security required to protect newly exposed information assets? Find out more.
You can also visit www.symantec.uk/O3 to learn more about the Symantec Secure Cloud Access Platform.
And don't forget, the user is already ahead of you!