Cloud Data Security: 4 Questions to Answer Before Moving Your Data

Cloud service providers are constantly improving their offerings in order to provide a stable, secure, cost-effective platform on which almost all IT applications can run. For example, they often support multiple virtualized operating systems, customizable server processor counts, flexible network configurations and other cloud storage parameters. And to help ensure cloud data security, vendors offer functionality like access control, key management and encrypted data.

Still, moving data and applications to the cloud has wide-ranging implications for your organization. In this blog, we’ll explore several key questions that you should consider thoroughly before you bet your company’s future on a cloud environment.

What are the main benefits of moving data to the cloud?

Migration of applications and data to the cloud has been a boon to IT shops of all sizes around the world. The convenience of anytime, anywhere data availability and the potential cost savings alone make it a compelling alternative to traditional data center-based physical infrastructure. But there are many other benefits as well.

One is data redundancy — cloud data is typically replicated among more than one geographical zone. Most public cloud services even allow customers to specify which geo-zones their applications and data reside in. Although this replication does not constitute a comprehensive data protection or data security plan, it does offer peace of mind that multiple copies of your data reside in the cloud environment.

Moving data to the cloud can also help companies meet security and compliance requirements that focus on data availability, data redundancy and information security. It’s not that cloud-based computing is inherently more secure and robust than on-premises computing, but rather that it can increase the control IT has over company data. In particular, moving to the cloud can reduce shadow IT and get data stores out from under desks and in storage closets so they can be governed and protected in compliance with governance regulations and best practices.

How can I preserve information integrity in the cloud?

Data protection involves three critical components: data integrity, data confidentiality and data privacy. Data integrity involves ensuring that all data stored in the cloud is accurate, i.e., that the bits and bytes that you store in the cloud remain exactly as they were when they were first uploaded or created in the cloud.

There are a variety of methodologies that help ensure the data integrity of cloud storage, including provable data possession (PDP) and high-availability and integrity layer (HAIL). These techniques attempt to eliminate data loss due to intentional or accidental data manipulation, deletion or corruption in the cloud. Many cloud security solutions include data integrity management that constantly compares the current state of cloud data to the last known good data state and notifies admins of any mismatch.

How can I ensure data confidentiality in the cloud?

Public cloud computing is by its nature a shared environment — your virtual machines (VMs) are sharing infrastructure, hardware and software with other cloud tenants. As a public cloud customer, you have no idea the identity or even the number of customers with whom you share your environment. Therefore, you should closely research your cloud provider to check whether all applicable security cloud computing mechanisms are implemented and working as designed.

Private clouds offer much of the same convenience and scalability of public cloud, but do not require you to share cloud infrastructure with other customers. Probably the most high-profile private cloud in existence is the one used by the Central Intelligence Agency (CIA). The fact that an organization such as the CIA found a private cloud sufficient for their extremely sensitive requirements indicates that data security in cloud computing has matured to the point that a properly configured private cloud can meet the needs of almost any organization hesitant to trust public cloud solutions.

How can I ensure the privacy of sensitive information in the cloud?

Data privacy requires ensuring that only authorized users can access personally-identifiable information (PII), credit card numbers and other sensitive data. Many businesses have established privacy policies that control which data can be stored in the cloud and define how sensitive data is to be protected in the cloud. Cloud encryption techniques and other security measures can help prevent prying eyes from being able to access protected data. The compliance requirements applicable to your industry or company can serve as a guide to the techniques you should employ to ensure data privacy.

The high-profile data loss events constantly in the news highlight the high cost of data security issues, either on premises or in the cloud. Breaches can result in steep fines and many other expenses, particularly when the data involved is PII or other sensitive data. If you choose to store sensitive data in the cloud, you need to pay close attention to data privacy.

Conclusion

The stampede to cloud-based computing is not likely to abate any time soon, and neither is the growing demand for tighter requirements on data security, especially data privacy. While high-security cloud computing was perhaps a bit of an oxymoron when cloud computing was in its infancy, modern cloud services offer a variety of data integrity, confidentiality and privacy mechanisms that provide a compelling case in favor of cloud computing. Getting satisfactory answers to the questions discussed here will help IT pros find just the right fit for their cloud computing workloads.