When organizations take the decision to move to a private cloud computing infrastructure, one of their core concerns is usually security. In today’s data-centric era, ensuring that your data is safe, secure and controlled on servers or storage devices that can’t be accessed by external individuals or non-permitted companies is a sensible approach to take – but there remain a number of confusions and fears to be managed along the way.
The fears (real or perceived) are largely due to the shared infrastructure used by public cloud offerings. Private cloud eliminates all or part of the shared infrastructure. How much is shared can be tailored to an organization’s risk tolerance. There is also a strong cost versus flexibility incentive to private cloud set-ups, as they make it easier for companies to move workloads around on servers when spikes in usage occur, or when new apps are being rolled out. So moving to the cloud helps companies reduce the time it takes to deliver what users want, and the system is also highly scalable. Don’t let concerns over the risks of public cloud deny you these advantages. Minimize the risk and get all of the benefits cloud has to offer with private cloud.
But doubts remain
However, there can still be some confusion among companies considering the shift to private cloud – about how exactly it operates, how secure it is and where specific assets reside. It is very much about location, ownership and control.
The traditional understanding of the word “secure” meant something as fundamental as ‘something that I own behind locked doors’. The thinking was that if third parties could not touch your data, then they could not steal it. So ‘secure’ meant your company’s sensitive data located on servers within your buildings, owned by you and controlled only by you – out of reach of vultures but also limiting your organization’s flexibility and capabilities. But times have changed – and now thinking needs to as well.
The new reality – it’s about data, not infrastructure
One key thing that has changed is that security in the cloud has become increasingly reliable – the cloud is not inherently less safe and secure than the enterprise data center – and this brings with it a need for a shift in philosophy. As with so many things in IT, as we go forward and invent and experiment more, so we learn more. If you think back to just around ten years ago when companies really began using the internet in earnest, they had to think of security in a very different way. The mentality was pretty much paranoid, an attitude of “nobody is allowed to touch my stuff”, with end-users and employees more often than not unable even to access personal email from the workplace.
The new philosophy that is needed to leverage the benefits of private cloud is that it isn’t just about perimeters any longer. ‘Ownership’ does not equal security and it never did – ask any hacker. Working with the right cloud service provider (CSP) means that servers can sit either on your own site within your own network boundaries, or they can now also be located in your CSP’s data center. It’s become a question of opening your mind a little more and being willing to trust (but verify) your CSP. Basically we need organizations and CIOs to change their mindset and start thinking “Know what? It’s actually OK if people outside our company can access our machines and devices as long as our data is secure”.
That means redefining this longstanding definition of ‘secure’. The focus should not be on keeping people away from your servers and physical machines but rather on keeping them away from your sensitive and valuable data. Your data can be secure even if you do not own the infrastructure; you just have to trust (but verify) your CSP. It is likely that they have better resources to keep your data secure than you have internally. Need more assurance? You can utilize methods like encryption and tokenization so that your CSP can access the servers in the private cloud that contain your data but cannot see the data itself. You yourself are then able to access the data stored on these servers through private, secure network links. And when choosing a CSP, today’s industry regulation and data security compliance requirements are there to give you confidence and trust (have I mentioned to verify?).
Cloud is here to stay
What is unarguable is that cloud computing is here to stay. Research estimates that 60 percent of CIOs now consider cloud to be their number one priority while Gartner expects cloud to be the bulk of new IT spend by 2016. It’s never been more important to get your private cloud approach right.
Eliot is an experienced information security expert with over thirty years of experience in the design and implementation of information security systems. He has gained knowledge and experience in a wide range of technologies, which have enabled him to provide true end-to-end data communications consultancy. Eliot has had extensive exposure to global internetworking environments, including Fortune 500 companies in the financial, pharmaceutical, air transport, hotel, chemical, food processing, manufacturing, and consulting services industries. He has been involved in many aspects of global projects, ranging from training end-users to designing and implementing portions of organizations’ global internetwork infrastructure.