One of the biggest barriers to Cloud Computing adoption is security…as it should be. When evaluating applications and/or use cases to move to the Cloud, one must ask themselves three fundamental questions. First, does the use case that I want to put in the Cloud make sense from a security perspective? Second, will the data I put in the Cloud make myself and/or my organization exposed to increased liability? Should I talk to my security team before I work on a Cloud project? Here are some answers to these very important questions.
Does the use case that I want to put in the cloud make sense from a security perspective? There are several use cases that may not make sense for migration to the Cloud from a security perspective. Some that should undergo additional scrutiny include government, financial, and healthcare applications where there are specific data privacy concerns. You may be able to put test instances of these applications in the Cloud, but be sure that the data that lives in the Cloud does not violate any data privacy concerns. This leads us to question #2.
Will the data I put in the Cloud make myself and/or my organization exposed to increased liability? Skytap, currently targets non-production dynamic use cases such as applications under test and development. These are often great use cases for the Cloud. However, you need to make sure that any test data is obfuscated and/or masked in the event it contains personal and/or sensitive data. This is an all around best practice approach to anything you do with your company data. If your organization is subject to compliance and strict regulation such as PCI and/or HIPAA, make sure you clear any data that you want to put into the Cloud with your organization’s security team.
Should I talk to my security team before I work on a Cloud project? The answer here is a clear yes. If you think you need to talk to your security department, then the answer is always yes. However, before you send them that calendar invite, make sure you go in with a plan. Identify the applications or use cases that you are considering, have a mitigation plan to ensure security and privacy, and have the facts straight about the vendor that you have chosen as your Cloud Provider. It is extremely important to involve your vendor early in the process and have them talk about their architecture, security, and management best practices.
If you are confident that your use case(s) destined for the Cloud makes sense from a security perspective, the data that you are going to place in the Cloud is secure, and if you get the blessing from your security teams before you begin your Cloud project, you will be well on your way to Cloud nirvana!
Mike Neil, Director of Field Ops / Skytap