Stepping-up security while shifting to the cloud
An excerpt from Transform to Better Perform, a global knowledge share initiative led by the BPI Network and sponsored by Dimension Data
Like most technology leaders, DCD Group CTO Stephen Worn has a lot on his mind as he approaches the topic of datacenter transformation, and security always tops the list.
“Those people who are not paranoid about their data are the people who end up losing their jobs fast,” said Worn, who also serves as CEO of Datacenter Dynamics North America. “If you’re not worried, you’ve got a problem. You should always worry about the safety and security of your customer data.”
The need to address changing business needs is driving companies to shift more of their data and applications into next-generation data centers that blend co-location facilities, the cloud and on-premise facilities. The result is a dramatic improvement in creating new apps, providing quick global access across communications channels and reducing costs.
Of course, nobody wants to compromise on security as they complete this transformation. If anything, security should be improved with the help of cloud vendors who know that their No. 1 job is to keep their clients’ data secure.
“As IT managers began shifting to the cloud a few years ago, a key question was whether their data would be safe”
With a subsequent rise in the frequency, severity and sophistication of attacks, some IT professionals now think the cloud is as safe, or safer, than their on-premise servers.Hackers tend to look for the weakest link in the security chain, which can be an on-premise data center, the cloud, co-location servers, applications, the network that ties them together or the growing family of mobile devices used to access them.
“Whether you’re using a cloud provider, whether you have your own data center, whether you have your own computer rooms in your offices or servers sitting in your office, the security issues have grown much more significant,” said Gabe Cole, founder of RTE Group, which provides consulting for data centers and mission critical facilities.
It’s not your imagination. The number of security breaches has increased “very significantly,” according to Cole. Indeed, in the past few years, security breaches have exploded in magnitude while crossing business sectors. The top five included Anthem, 80 million records; Home Depot, 56 million; JP Morgan Chase, 76 million; eBay, 145 million; and Target, 70 million, according to Information Is Beautiful.
“We only hear about the big ones,” he said. “Now, it’s not just high school kids sitting in their garage trying to impress their friends. It’s foreign governments. It’s terrorists. It’s people trying to steal financial data and personal data.”
Not only are more people trying to hack into your data center for nefarious reasons, but the situation has been complicated by the proliferation of devices – especially smartphones and tablets that connect to the network.
“Cell phones and mobile devices are not foolproof. They’re easily copied. They’re easily hacked,” said Martin Zuckerman, CEO of Teswaine Technologies, an engineering firm that specializes in information transport and data centers. He noted most devices use “very little sophisticated encryption” that might stymie intruders.
“People do their banking in there. They do everything over a smartphone and everything can be captured,” he said.
Of course, CTOs aren’t the only ones concerned about security. Many countries have imposed regulations that limit where and how data can be stored. Such rules raise compliance issues for global enterprises that want to provide employees and customers with access to data and applications from anywhere at any time.
“In compliance and security, in the past two years, it has been escalated,” said Aman Khan, General Manager, Alliances for Europe at Dimension Data. “People have been sensitive to keeping their data in their own territory, but I think they’re even more conscious that they have to meet compliance. And the EU rules say what companies can and cannot do. Companies can even be penalized for this.”
This has prompted technology leaders to seek out innovative solutions “and the security aspect goes along with that. It doesn’t matter what environment you’re in,” according to Khan. “So compliance and security are definitely at the top of the list for any CIO.”
Is the cloud really safer? That depends. It comes down to how seriously your cloud vendor handles security, which should be spelled out in a service level agreement. For companies shopping for cloud services, it’s critical to review security considerations or to work with integrators who have insights into this increasingly complex world. Obviously, the lowest bid won’t always include the security controls that are best-suited to your needs.
“Whenever you put your information into the hands of another, you have allowed someone access to your information,” said Zuckerman. “You have given away some of your security.”