If your organization is struggling with how to keep your enterprise data secure in the cloud, you aren’t alone. As I spoke with customers at the recent RSA Conference in San Francisco, how to migrate applications and data to the modern data center and still retain effective security was the number one topic on their minds.
The fact is, the modern data center poses some fairly new security challenges and there is no rule book on how to meet them. In the absence of a model, even in security, we are learning as we go.
What should you consider security-wise as you take this crucial step to move your data center operation to the cloud?
First realize that there are security tradeoffs in the modern data center. The biggest is a loss of visibility. When you access data and applications in a traditional, on-premises data center, security can analyze every step to guard against threats. When data is moved into the cloud, however, some of that visibility is lost and we need to find new ways to achieve the required amount of insight.
IT has to rely on alternative safeguards and trusted technologies for securing its resources. It needs to establish a new level of trust–the foundation of the modern data center.
My advice is to begin by evaluating which apps and data to migrate to the cloud. Do you really want to migrate your most proprietary information? Or does it make more sense to focus on information that, while important, won’t make your company go away if you lose access to it somehow? A cost-risk analysis that evaluates savings and efficiencies against your particular security risks is critical.
Next, evaluate processes to protect the migrated data. Optimal disaster recovery plans and identity and access management processes are central to a modern data center security program. You also need to update your data policies to address things like version control. You can’t have your cloud-based databases look fundamentally different from your on-prem databases. Having multiple data versions not only makes it hard to perform security investigations when needed but also means you have to expend resources to protect multiple versions.
And it is important that you carefully review your SLAs to determine what your cloud provider is responsible for and what you are responsible for should your data be lost or stolen.
The modern data center is not simply a building that you can just go and buy. It is also a mindset. The right balance of tools, technology, policies, work flows and more is unique to each situation. It is complicated and you need to consider lots of different factors, including changing some of your business processes. You shouldn’t try to implement your modern data center by yourself.
To put it plainly, I’m sure I could watch a YouTube video on how to take out my own appendix but I’m not going to do it; I’m going to go to a doctor that knows what they are doing and has done it many, many times.
Overall, you need a vendor who understands the cloud to guide your security efforts as well as to supply the trusted technology to create and maintain a safe and effective modern data center. You don’t want to make the investment to move to a modern data center only to have inferior technology turn your security infrastructure into Swiss cheese.
Look for providers whose solutions have been evaluated by an independent third party laboratory that tests and ranks them. For example, cloud products from EMC and its strategically-aligned business entities, including RSA and Virtustream, are rated according to NSA or federal government criteria.
Choosing the right partner with the right security practices and world-class support will help you build the solid foundation of trust crucial to support the modern data center.