Can Data Be More Secure in the Cloud?
There’s no reason data stored in the cloud can’t be more secure and reliable than data stored on-premises. To make this happen, consider four key factors: operational expertise, controlled environments, encryption architectures and redundant infrastructure.
All four factors can be addressed on-premises, but doing so can be expensive and difficult, especially for processes that are not core to a business. By core, I’m referring to something that differentiates a company in the eyes of customers, such as the type of products a company provides. Everything else is context, which is important, but doesn’t impact business in the same way.
By moving context functions to the cloud, organizations can reduce costs and redirect those savings to core functions.
Security features must be planned for and built into every part of the solution, even for components that aren’t core to a customer’s needs. For example, by owning most components of the SaaS technology stack, an organization can leverage secure software development lifecycles to ensure that security best practices are accounted for in core software, tools, processes and monitoring systems.
A cloud solution also needs dedicated staff for monitoring, security, architecture, platform development, compliance and engineering. Having a dedicated and specialized staff both ensures expertise and increases security, because vulnerabilities often happen when technology is implemented without the right level of proficiency.
A cloud solution should also ensure, through continuous validation and auditing, that the right things are being done through a variety of mechanisms, whether those are SAS 70 Type II audits, internal audits, or security probes.
Additionally, cloud services need to operate at scale for specific applications not found in a typical enterprise, which in turn creates a need for automation, ensuring that all the right tasks are happening at the right times.
A SaaS solution needs a scalable environment made for performing one task (or set of tasks) in an automated, repeatable, and dependable way. Therefore, cloud providers need a homogeneous environment from an OS, monitoring tool and even hardware point of view in order to increase visibility and decrease risk exposure.
In this environment, there’s not one key person who has access to everything. Instead, there are strict controls regarding when and who can do what, which should be automated to provide an additional level of security.
Data Encryption Architecture
Enterprise-class cloud vendors must ensure that data is encrypted both in transit and at rest, no matter where it resides. Crucial to this are encryption keys, which should be separated from the data or application. One way is to have data in the cloud and keys onsite. Alternatively, there could be one cloud where keys are maintained and stored and a separate cloud for data encryption and decryption. Those clouds should communicate through controlled protocols so unauthorized users can’t access both.
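The key/data separation described above, sketched as an added example that is not code from this article or from Proofpoint. It uses envelope encryption with AES-GCM from the third-party `cryptography` package, a technique the article does not name; `KeyService`, `DataStore`, the caller allow-list and the `archive-app` identity are all hypothetical.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # third-party package


class KeyService:
    """Hypothetical key side (onsite or a separate cloud); it never sees data."""

    def __init__(self, allowed_callers):
        self._kek = AESGCM.generate_key(bit_length=256)  # KEK never leaves here
        self._allowed = set(allowed_callers)

    def _authorize(self, caller):
        # Stand-in for the "controlled protocol": a real one authenticates callers.
        if caller not in self._allowed:
            raise PermissionError(f"caller {caller!r} is not authorized")

    def wrap(self, caller, dek, record_id):
        self._authorize(caller)
        nonce = os.urandom(12)
        # record_id as associated data binds the wrapped key to one record.
        return nonce + AESGCM(self._kek).encrypt(nonce, dek, record_id.encode())

    def unwrap(self, caller, wrapped, record_id):
        self._authorize(caller)
        # Raises InvalidTag if the blob was altered or belongs to another record.
        return AESGCM(self._kek).decrypt(wrapped[:12], wrapped[12:], record_id.encode())


class DataStore:
    """Hypothetical data cloud: holds only ciphertext and wrapped data keys."""

    def __init__(self, key_service, identity):
        self._keys, self._identity, self.rows = key_service, identity, {}

    def put(self, record_id, plaintext):
        dek = AESGCM.generate_key(bit_length=256)  # fresh data key per record
        nonce = os.urandom(12)
        blob = nonce + AESGCM(dek).encrypt(nonce, plaintext, record_id.encode())
        self.rows[record_id] = (self._keys.wrap(self._identity, dek, record_id), blob)

    def get(self, record_id):
        wrapped, blob = self.rows[record_id]
        dek = self._keys.unwrap(self._identity, wrapped, record_id)
        return AESGCM(dek).decrypt(blob[:12], blob[12:], record_id.encode())


if __name__ == "__main__":
    store = DataStore(KeyService({"archive-app"}), "archive-app")  # constructed identity
    store.put("msg-1", b"constructed sample message")
    print(store.get("msg-1"))
```

A copy of `rows` taken from the data side contains no usable key material: decrypting it still requires an authorized call to the key side, which is where access can be logged and revoked.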
To deliver services reliably, across multiple datacenters and at scale, cloud solutions need redundant infrastructure. To ensure reliability and disaster recovery, redundancy should be at the core of the entire architecture.
Redundancy is often overlooked because it is complex and not always cost-effective, and many times it’s an afterthought. But it provides additional security. If attackers target one datacenter, other datacenters are still running.
If an organization looks for SaaS solutions that hit on all of these four factors, they can rest assured that their data will be secure and reliable, even in the cloud.
About Andrés Kohn
Andrés Kohn is currently responsible for Proofpoint’s email archiving business unit and has been responsible for setting Proofpoint’s product direction since the inception of the company. In addition, Andrés is responsible for developing strategic technology partnerships that complement Proofpoint’s solution offerings. He joined Proofpoint from Critical Path, where he was director of product management and responsible for the global direction of their messaging products and services. Before joining Critical Path, Andrés held several product marketing positions at PeopleSoft, and various management roles at International Paper as well as Procter and Gamble. Andrés holds a B.S. degree with distinction and an M.S. degree in engineering from Cornell University. He also holds an M.B.A. degree from Stanford University.