Enterprise cloud security best practices for locking down your cloud
A comprehensive collection of articles, videos and more, hand-picked by our editors
AUSTIN, TEXAS -- Many organizations still feel the risks of public cloud adoption outweigh the rewards, with data security -- or lack thereof -- the primary concern.
The question of whether data is secure in the cloud is at the forefront for many IT professionals here at Dell World this week.
Hecla, Ltd., a mining company based in Coeur d'Alene, Idaho, would consider off-loading unimportant data or non-mission critical applications to run in the cloud, but the company's main concern is ceding control over those areas to public cloud providers.
"We have terabytes of data that we back up, and what happens if we put that in Amazon and want to eventually switch to someone else?" said Michael Patton, Hecla's director of IT.
Patton worries that public cloud providers make it very easy to get a customer's data into the cloud environment, but he suspects those providers won't make it easy to get that data back.
"My job is to secure our data, and I just don't feel like I can do that with the cloud," he said. "Maybe I'm just too old."
My job is to secure our data, and I just don't feel like I can do that with the cloud.
director of IT at Hecla
Either way, every organization needs to understand its risk tolerance, the objectives for using the cloud and plan to mitigate for potential hazards, said Julie Talbot-Hubbard, chief information security officer for the Ohio State University (OSU) in Columbus, Ohio. She oversees not just the information security for students and professors, but also for the university's medical facilities.
"We have blinders on when it comes to security, the public cloud or the use of SaaS apps," she said. "If somebody calls you and says your patient information has been compromised, it's not a good answer to blame the service provider. You're on the hook."
OSU has been looking to use more cloud services for its medical facilities, but many of the cloud service providers have been unwilling to sign an agreement to take responsibility for HIPAA compliance and control measures.
"That's a deal breaker for us," she said.
One IT admin for a Denver, Colo.-based credit union, who requested anonymity, said the cloud doesn't make sense for his organization because of financial and personal information regulations. There's too much risk for the organization to touch the cloud.
Not only that, but his IT department struggles to keep the lights on with fewer budgetary and personnel resources than necessary.
"Unfortunately, I just have higher priorities to deal with than making that move," he said.
Data security has become problematic for organizations because mobile, cloud and Software as a Service (SaaS) have created data leakage risks, said Judith Hurwitz, CEO of Hurwitz and Associates, a research firm based in Needham, Mass.
"IT has to continuously evolve its approach, because the trends have moved faster than the security tools," she said.
Dell responds to public cloud concerns
Dell's security story is mostly disjointed currently, as it works to connect several recent acquisitions into a coherent picture for IT departments.
IT has to continuously evolve its approach, because the trends have moved faster than the security tools.
CEO of Hurwitz and Associates
But, Dell showed off the new capabilities of Wyse's PocketCloud application, a product obtained when it acquired Wyse in April 2012. The new features now provide users a single portal to access, manage, search, view, edit and share content from a variety of computing devices, including thin clients, tablets and smartphones, or even through a Web browser.
Essentially, PocketCloud creates a secured online file system from a person's various computing devices. The application, which has a one-time purchase of $14.99 via mobile app stores, aggregates a user's personal and professional data, whether it's stored in a cloud storage and file-syncing service like Dropbox or in an on-premises data center.
If users forget to log out of the Web application on a public computer, they can log out of that device from their mobile device or another computer, as an added security precaution.
James Furbush is the news reporter for SearchConsumerization.com and also contributes coverage on desktop, virtualization and cloud topics.