Securing the Cloud

Every cloud survey I've seen in eons points to security as the biggest concern in moving to the cloud. And on the surface that makes sense. Your data is no longer in your shop but elsewhere in a provider's network. More telling, the data also has to move from the provider over the Internet to wherever it's going.

Logically all this is fraught with danger. But I am not one that is terribly terrified. I don't trust every internal IT person so the data is not necessarily safer in one's own data center. And the security within a data center where that is the vendor's only business should be better, with more modern tools and up-to-date security experts hired as guards.

Derek Tumulak is a V.P. at Vormetric, which does key management and encryption. Tumulak has some advice on keeping your data safe and your CIO calm as you make your cloud move.

One approach, which also boosts performance, is a private cloud. But here again, the issue is whether you can realistically do a better job at securing what is now a highly virtualized data center than a dedicated, well-heeled service provider.

On the flip side most clouds are multi-tenant, so it is not just the service provider that is near your data but other tenants.

So how do you secure your cloud? First you need a plan, Tumulak advises -- in this case, a three-year plan that determines which systems are most critical and what cloud moves you intend to make.

One part that is music to my ears is Tumulak's focus on education. Many breaches are due to human error after all.

Another needed plan concerns response. How do you tell customers that may be impacted, and how do you find the root cause?

Posted by Doug Barney on 10/30/2012 at 12:47 PM