With the vast amount of data stored on the public cloud, how do you know if your data is truly secure? What steps can you take to ensure you make the right choice when transitioning to the cloud?
The market for cloud infrastructure, platforms and applications is growing at a rapid pace; in fact, AMI research estimates that SMB cloud spending alone will reach $100B by 2014. It’s no surprise, then, that many, if not most, organizations are looking to the sky as they move more and more data to the cloud.
Cloud computing is driving applications to shared infrastructure en masse; it’s reducing IT costs and enabling collaboration. But with the vast amount of data stored on the public cloud, how do you know if your data is truly secure? And what steps can you take to ensure you make the right choice when transitioning to the cloud?
When considering a move to the cloud, there are some important issues to address. The first is your provider. IT professionals considering a move to the cloud are well advised to qualify the provider and the technology that will be safeguarding their information before they make the move. A good way to measure available options in the IT space is to determine if they’ve been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST).
Once certified, an organization’s technology will be assigned a Common Criteria Evaluation Assurance Level. Many IT products and operating systems available today are certified to EAL4+, the level of security appropriate for inadvertent and casual attempts to breach a system’s security. If you are looking to truly safeguard your information in the cloud, you will want to look for a system that boasts EAL6+ High Robustness, which provides the most stringent protection and rigorous security countermeasures against hostile and well-funded attackers. The Cyber Secure Institute is a great resource to look to when determining an IT provider’s security level, as its aim is to raise awareness about the Common Criteria and the organizations that have taken steps to ensure their technology is secure.
Once you’ve identified and vetted a provider, the next important question is, “What data should be moved to the cloud?” This question is important because the answer may surprise some people: not all information is suitable to be stored on the cloud. Some information is too critical and should be isolated to maintain security. Never treat your organization’s data as one big lump. Some information may be proprietary and confidential; data including health records and Social Security numbers may be best kept off the public cloud until you’re confident in its security. On the other hand, you may have data that you really want to be accessible by the public – this is the type of information that is well-suited for the initial move to the cloud.
Start your move to the cloud with your very public-facing data (company websites, shared calendars) and once you’ve built confidence in your provider, begin incrementally moving more private information to the cloud. Once more secure data is transitioned to the cloud, it’s essential that it be kept securely separated from non-sensitive information.
As cloud computing and virtualization technologies continue to improve the way we do business, interact and transact, taking advantage of cloud computing technology without compromising IT security should be your organization’s leading goal. If you approach transitioning to the cloud incrementally, taking steps to separate sensitive information from non-sensitive information, you’ll find a transition to the cloud offers a risk vs. reward balance.