Essential Guide

Enterprise cloud security best practices for locking down your cloud

A comprehensive collection of articles, videos and more, hand-picked by our editors

Data security remains biggest hurdle to public cloud adoption

Data security remains a top roadblock to public cloud adoption. Quell fears by understanding the risks and objectives in a potential cloud project.

AUSTIN, TEXAS -- Many organizations still feel the risks of public cloud adoption outweigh the rewards, with data...

security -- or lack thereof -- the primary concern.

The question of whether data is secure in the cloud is at the forefront for many IT professionals here at Dell World this week.

Hecla, Ltd., a mining company based in Coeur d'Alene, Idaho, would consider off-loading unimportant data or non-mission critical applications to run in the cloud, but the company's main concern is ceding control over those areas to public cloud providers.

 "We have terabytes of data that we back up, and what happens if we put that in Amazon and want to eventually switch to someone else?" said Michael Patton, Hecla's director of IT.

Patton worries that public cloud providers make it very easy to get a customer's data into the cloud environment, but he suspects those providers won't make it easy to get that data back.

"My job is to secure our data, and I just don't feel like I can do that with the cloud," he said. "Maybe I'm just too old."

My job is to secure our data, and I just don't feel like I can do that with the cloud.

Michael Patton,
director of IT at Hecla

Either way, every organization needs to understand its risk tolerance, the objectives for using the cloud and plan to mitigate for potential hazards, said Julie Talbot-Hubbard, chief information security officer for the Ohio State University (OSU) in Columbus, Ohio.  She oversees not just the information security for students and professors, but also for the university's medical facilities.

 "We have blinders on when it comes to security, the public cloud or the use of SaaS apps," she said. "If somebody calls you and says your patient information has been compromised, it's not a good answer to blame the service provider. You're on the hook."

OSU has been looking to use more cloud services for its medical facilities, but many of the cloud service providers have been unwilling to sign an agreement to take responsibility for HIPAA compliance and control measures.

"That's a deal breaker for us," she said.  

One IT admin for a Denver, Colo.-based credit union, who requested anonymity, said the cloud doesn't make sense for his organization because of  financial and personal information regulations. There's too much risk for the organization to touch the cloud.

Not only that, but his IT department struggles to keep the lights on with fewer budgetary and personnel resources than necessary.

 "Unfortunately, I just have higher priorities to deal with than making that move," he said.

Data security has become problematic for organizations because mobile, cloud and Software as a Service (SaaS) have created data leakage risks, said Judith Hurwitz, CEO of Hurwitz and Associates, a research firm based in Needham, Mass.

 "IT has to continuously evolve its approach, because the trends have moved faster than the security tools," she said.  

Dell responds to public cloud concerns

Dell's security story is mostly disjointed currently, as it works to connect several recent acquisitions into a coherent picture for IT departments.

IT has to continuously evolve its approach, because the trends have moved faster than the security tools.

Judith Hurwitz,
CEO of Hurwitz and Associates

But, Dell showed off the new capabilities of Wyse's PocketCloud application, a product obtained when it acquired Wyse in April 2012. The new features now provide users a single portal to access, manage, search, view, edit and share content from a variety of computing devices, including thin clients, tablets and smartphones, or even through a Web browser.

Essentially, PocketCloud creates a secured online file system from a person's various computing devices. The application, which has a one-time purchase of $14.99 via mobile app stores, aggregates a user's personal and professional data, whether it's stored in a cloud storage and file-syncing service like Dropbox or in an on-premises data center.

If users forget to log out of the Web application on a public computer, they can log out of that device from their mobile device or another computer, as an added security precaution.

James Furbush is the news reporter for SearchConsumerization.com and also contributes coverage on desktop, virtualization and cloud topics.

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

Enterprise cloud security best practices for locking down your cloud

Join the conversation

11 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you trust that data is secure in the public cloud?
Cancel
If you are in the gov security business you know this isn't possible.
Cancel
It is difficult to believe that data in public cloud is secure. How does one ensure that the data is not compromised by the employees of the cloud provider? How do we ensure that when we need the data back, we will get it without hitch?
Cancel
Sometimes it is secure and sometiomes it is not secure. Managing security is the key point
Cancel
Because there is no proper benchmark, to use and measure the skiil set that cloud provider offers [I am talking about there internal security mechnasim because data can be access by sys/net-admins...]
Cancel
It would all depend on the transparency of who is accessing my data.
Cancel
I have security concerns with data in the cloud. How sure is the customer that their data is not being accessed by a competitor for example?
Cancel
it depends from cloud providers
Cancel
Too many data breaches in the news.
Cancel
using homomorphic encryption data can be secured to some extent
Cancel
Organizatons does not have any control on cloud service providers.They will make a agreement for the name sake
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchVMware

SearchVirtualDesktop

SearchAWS

SearchDataCenter

SearchWindowsServer

SearchSOA

SearchCRM

Close