Gary Sumner, CTO and founder of Datacastle, argues that businesses must centrally manage and enforce their data-security policies to cope with a growing panoply of cloud-services and endpoints.
Radical changes in the way business stores its data are looming, with massive implications for data-security. New Forrester research shows 66% of enterprises are moving their desktops, servers and data into the relatively uncharted territory of the hybrid cloud.
Recent events have made it clear that moving sensitive data into the cloud is not a silver bullet and will require a new awareness of the threats that need to be addressed before implementing a cloud storage strategy.
When a disgruntled employee recently succeeded in wiping out an entire season of a major US TV show, we saw how outsourcing sensitive data can render business vulnerable to the security models of the service-provider, while Amazon's notorious data-loss incident illustrated the inherent risks of keeping masses of vital information in a single repository. The University of Minnesota recently sued cloud-provider Oracle over a data breach, illuminating the conflict over legal liability that arises from outsourcing responsibility for data-protection to a cloud-host; and Google starkly illustrated the risk of unwanted global intruders invading all the alcoves within the multi-tenant space when it suffered a massive data breach which was subsequently blamed on China.
And with Microsoft's recent warning to the EU that the Patriot Act now renders its citizens' personal data vulnerable to seizure by US law enforcement, we saw the potentially troubling implications of moving data outside national jurisdictions.
Yet, at its best, the public cloud is the epicentre of personal empowerment and the globalised information age; a vast, instantly-accessible global pay-as-you-go pool of corporate consciousness, which can be shrunk or expanded, accessed or updated, on demand from any location.
And with information set to become "the oil of the 21st century" and mobile multinational workforces spreading endpoints far and wide, it is clear that there can be no return to the days of fixed-endpoint data repositories.
The End of One-Size Fits All
Businesses now want to adopt a "pick and mix" approach, utilising the complementary benefits of different cloud models. The cost-saving benefits of the shared cloud-space, in terms of cheaper apps and limitless scaleable storage space, can be combined with the legal benefits of local clouds, and the security benefits of private clouds, enveloping sensitive data in an on-site cocoon.
The hybrid enables cloud-models to be moulded to the needs of differing industries and businesses, from companies trading information, which require instant data-recovery to ensure business continuity in the event of a disaster, to regulated industries which require some information to be stored within their own premises and businesses requiring data-space which can be rapidly scaled up or down in sync with fluctuating demand.
With private clouds increasingly being adopted in tandem with public-cloud models, virtual-machine sales were already outstripping sales of physical servers by 2009, and a Microtrend 2011 survey found many businesses are using all three cloud models almost equally.
The Hybrid Challenge
But the next generation of hybrid clouds and the rapidly multiplying array of user endpoints are spawning a deadly new generation of security threats.
The expanding cluster of mobile devices and cloud models is leading to an increasing fragmentation of corporate data across multiple clouds and devices with different types of data-protection, placing corporate data at the mercy of vastly different security models.
33% of businesses already support mobile operating systems, a figure set to grow exponentially, and many businesses already make corporate information available through Tablets, yet 66% of businesses polled by the Ponemon Institute had recorded mobile device losses in the past year alone.
The modern ecosystem of mobile devices interconnected with multiple cloud models creates an interdependency between cloud-providers, businesses and end-users with alarming implications. Imagine a scenario where an employee using mobile device support could have both the corporate data and personal data stored on their phone accessed by anyone who hacked into the cloud-provider. Conversely, if the employee later misplaced their Tablet, it could provide root-level access to sensitive business data stored in private or public clouds and available through easy-to-use apps. And employers are at risk of prosecution if they wipe personal data stored on employee Tablets when attempting to remove corporate data.
With 40% of businesses planning to manage hybrid clouds through in-house teams, the implementation of data-security policies across different cloud-models, devices and tiers of data could become an admin nightmare for corporate IT staff.
Businesses need solutions which can safeguard fragmented corporate data across multiple devices and clouds in line with corporate policy. Yet companies are currently adopting only patchwork solutions, which fail to take into account the abundant array of security threats.
Datacastle's RED software automates the process of integrating all business data-security policies through a central policy framework, by combining remote deletion, remote port-locking, automatic encryption, device trace, automatic backup and data restore through a single agent, tailored to the policy needs of the organisation and architected for a hybrid-cloud model.
Critically, the upcoming adaptation of the software for Tablets will safeguard employee and business privacy, by distinguishing between personal and corporate data.
A unified cloud-computing infrastructure will only help business get the best out of cloud-technology if it can be protected under the umbrella of a unified security framework.