Defending data with a secure cloud strategy
By Loh Ching Soo, NetApp Singapore 11-Jun-2012
In a recent post in Forrester's Vendor Strategy Blog, Michael Barnes, principal analyst for Vendor Strategy Professionals, wrote that more than 50% of organizations surveyed in Asia Pacific excluding Japan are either currently using or actively planning cloud initiatives. Forrester's survey results also demonstrated a 'surprising degree of maturity' across the region, underscoring the increased interest and adoption rates of cloud and virtualization among Asia's businesses.
Despite this, the same report found that as many as 31% of organizations in Asia Pacific do not currently have a formal cloud or IT strategy in place. This is a significant finding, as the success of any cloud implementation does indeed rest on a solid transformation strategy. Making the move to the cloud can be daunting as it compels CIOs to look at multiple issues - such as storage and server consolidation, automation and human resources - at the same time.
Below are the key aspects that organizations need to look at in developing a secure cloud strategy.
1. Streamlining security and compliance
Security in the cloud era demands sophisticated solutions that not only address common threats but also help organizations meet compliance requirements. A strong cloud security policy clearly defines processes and procedures designed to protect against unauthorized information access from within and outside the organization.
In a cloud environment, data control and ownership can cross organizational boundaries and extend into the service provider infrastructure. Prior to the move into the cloud, CIOs must conduct risk and compliance gap analysis to formulate a robust security plan. Additionally, a reference architecture can help ensure that proper security controls have been defined to cover all possible security threats.
Internally, individual business units within the organization may have differing needs and specific authorization levels. Issues of privacy and data integrity must be centrally managed and addressed to ensure effective and efficient security management. Solutions that can address the need for multiple layers of security include a secure multi-tenancy (SMT) architecture approach. Some SMT solutions integrate secure multi-tenancy with automation to achieve greater efficiency while mitigating operational configuration errors.
2. Data encryption as a second line of defense
Apart from securing your data from external attacks by setting up firewalls, data encryption can provide an additional level of defense. This is especially important for organizations that operate on public clouds where security controls are managed mainly by the cloud service provider.
The concept of data encryption is not new. However, in a shared infrastructure, companies need a centralized enterprise key management solution. Critical data can be found in applications, databases, file and storage systems and virtual machines.
"The concept of data encryption is not new. However, in a shared infrastructure, companies need a centralized enterprise key management solution."
Without a centralized key management solution, organizations will be faced with multiple encryption pods with respective policy enforcements and corresponding key management mechanisms. If keys are lost, data will be compromised. With so many disparate keys to manage, the likelihood of key lost will be higher. Being able to uniformly manage all the respective encryption platforms from a single location offers security and control for organizations with multiple data centers and cloud environments.
3. Disaster-recovery measures
In migrating to a cloud environment, organizations need to consider a reliable and robust data recovery framework to minimize the risk of data loss or service interruption. Service providers should be able to efficiently and flexibly move entire data partitions across multiple storage systems regardless of the server environment, while maintaining continuous access to applications.
This is possible through replication, where datasets are mirrored and stored as back-up copies. De-duplication further enhances this process by reducing the number of duplicate copies and compressing back-up files to minimize the use of storage space. Most importantly, organizations need to ensure that these solutions are carried out in tandem, without downtime or compromising on business performance.
As cloud adoption gains traction in Asia, the level of maturity and sophistication in cloud-related services offered will also grow. What businesses must be aware of is that the journey to the cloud can be long and arduous and should only be attempted with an expert partner who can effectively address the multiple facets of a cloud implementation.
Loh Ching Soo is the country manager of NetApp Singapore.