You have to do your due diligence, looking at the cloud solutions available to you, and understanding how your own company's needs impact your cloud security and compliance requirements
Farmington, MI (Vocus) November 18, 2010
“To the cloud.” Everyone has seen the slew of commercials these days promoting use of the cloud – for consumer as well as business use. And now IT pros are feeling the pressure to move data – sometimes even business-critical data – into the cloud. CFOs and CEOs anxious to save money and increase usability of corporate computing systems are turning up the heat, and CIOs and IT managers have to know what to put in, who can manage it, and how to keep it safe. The bottom line on cloud computing is that it can be a money saver and productivity enhancement, but you have to choose your provider carefully to ensure the security of your data. Logicalis (http://www.us.logicalis.com), an international provider of integrated information and communications technology (ICT) solutions and services, has boiled down its considerable expertise in this area to four critical decision points IT managers must examine before making their move.
“You have to do your due diligence, looking at the cloud solutions available to you, and understanding how your own company’s needs impact your cloud security and compliance requirements,” says Mike Martin, director of cloud computing for Logicalis. “Look for a cloud provider that will really have an open dialogue with you. Look at tiered solution providers, and judge them based on how their auditors and legal teams work to help you clearly understand just how your data is going to be managed and protected. If they are not willing to do that, then they may not have the flexibility to work with you in a way that will support your business needs.”
Decision Points That Determine Your Data’s Security in the Cloud
1. Do you know where your cloud is located? By law, certain data sets are not allowed to leave their country of origin. “The cloud” may sound distant, but every cloud provider has real machines sitting in real data centers somewhere – and you should know where they are physically located in order to know whether you are meeting your legal requirements for where your data can reside.
2. Do you need a moat? You also have to know what tier data center your business’ data requires. Most data centers today are Tier 2 or 3. Many people think they need Tier 4, which is the king of secure data centers. Tier 4 data centers provide the digital equivalent of a moat and armed guards, but few businesses require that level of security for their data.
Instead of looking for ways to fit your IT into a cloud, a more effective strategy is to start with your needs and see what cloud options could work for you. Begin by reading “Cloud Computing: How to Make Your Own Silver Lining” here: http://www.us.logicalis.com/PDF/Cloud-Computing-Feature-Story.pdf.
3. For your eyes only. What about the virtual aspects of security? How will users be authenticated? Through an Internet Web browser? Through the application layer within the cloud itself? If you’re tapping into software as a service, the SaaS provider will take the lion’s share of the responsibility for the application’s security. But what if you’re subscribing to an infrastructure as a service model? How will security be handled in a multi-tenancy environment so that you have access to your virtual machines but you can’t see anyone else’s data and they can’t see yours? A frank and open discussion with your provider will be needed to determine how you’ll keep your data secure and for your eyes only.
4. Regulatory is anything but regular. Now this may be the toughest part of all. Regulatory requirements are changing almost daily, and you need to know who is responsible for meeting those guidelines – you, the cloud provider or both? A SAS 70 Type II designation shows you how the provider will document its business changes and procedures. It’s an important benchmark and if your auditors require you to be SAS 70 certified, having a cloud provider that is certified makes your job that much easier. But it’s important to know that SAS 70 does not mean the provider is certified to assume risk for any particular kind of vertical market regulatory requirements such as HIPAA, PCI or FDIC; those requirements remain your responsibility regardless of where the data resides.
“Don’t expect that, by moving your regulatory data to the cloud, you are somehow freed from responsibility for that data,” Martin advises. “It’s your data and you are responsible for choosing the partnerships to manage that data. You will still be the one accountable to your auditors. Working with the right partner makes that much easier, but it does not wipe your hands clean of the responsibility. Know that going in, choose the right partner, make sure your SLA clearly spells out who is responsible for what, and your life as an IT pro will be a lot happier in the long run.”
Building a strategy to reconstruct IT environments and application platforms to take advantage of the cloud environment requires more than flipping a switch in the data center. Find out how Logicalis can help you assess your business’ needs and plan a cloud strategy – private, public or hybrid: http://www.us.logicalis.com/it-solutions/outsourcing-services,-ms/cloud-computing.aspx.
Logicalis is an international provider of integrated information and communications technology (ICT) solutions and services founded on a superior breadth of knowledge and expertise in communications and collaboration; data center optimization; application development and integration; and outsourcing and managed services.
With its international headquarters in the UK, Logicalis Group employs over 1,900 people worldwide, including highly trained service specialists who design, specify, deploy and manage complex ICT infrastructures to meet the needs of over 6,500 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM and Microsoft.
The Logicalis Group has annualized revenues in excess of $1 billion, from operations in the UK, US, Germany, Latin America and Asia Pacific, and is fast establishing itself as one of the leading IT and Communications service providers, specializing in the areas of advanced technologies and services.
The Logicalis Group is a division of Datatec Limited, a $4.2 billion revenue business listed on the Johannesburg and London AIM Stock Exchanges (LSE/JSE: DTC).
For more information about Logicalis, visit http://www.us.logicalis.com.