This page contains a Flash digital edition of a book.
MANAGED SERVICES cloud


kept them from putting data in the cloud. A possible reason for this hesitation is that a staggering 48% of survey respondents said that they didn’t know which countries their data resided in once in the cloud, leading to uncertainty when it comes to complying with regulations. While 70% of people surveyed said that they were aware of data residency requirements or laws, an alarming 30% did not know and 23% believed they didn’t abide by them- attesting to the fact that these jurisdictional issues are proving a serious stumbling block for organisations that wish to store or process data in the cloud.


And as protecting data becomes an increasingly onerous task, due largely to the fact that every new approach to security is eventually met with an even more sophisticated attack from cyber criminals, it can become time consuming and expensive. Therefore, questions regarding privacy and compliance must be addressed as data moves to the cloud: Which information can and cannot be collected? Where and how can data can be stored and transmitted? Which security practices must be applied? What to do in the event of a data breach? In order to stay ahead of the dynamic security and data residency


The simplest way to ensure compliance is to obfuscate data as it is captured, rendering it useless to cyber criminals and unreadable to outsiders, regardless of where it lives. Any sensitive information, including financials, customer and employee data or intellectual property, needs to be protected across the entire lifecycle and wherever it goes. Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand reputation and a loss of privacy.


However, to be effective, businesses must keep it simple and consistent. A successful data-centric security approach can be applied to any type of data, and deployed across corporate systems, and does not require the deployment of multiple point solutions which are difficult to integrate and still leave security gaps as data moves across and outside of the organisation .


These criteria are vital, and relevant to all solutions, whether mainframes or mobile technologies, and regardless of whether they are deployed on-premise or on-demand. There are five critical data protection requirements that any company should consider:


Another approach is to try and protect data by a single gateway process.


The issue with this approach, however, is the impossible latency issues. As an example, companies have tried database-oriented tokenisation strategies; however this, and other single gateway approaches, are really a step backward as they create a need to sync vast data repositories across long path networks


regulations and to leverage the current market trends around cloud, many organisations are adopting strategies such as having data centres in all the countries they operate in as a of way keeping data confined within legal boundaries. However, this is woefully inadequate, as the data can still be accessed from anywhere in the world, while still not addressing data residency compliance. Not to mention the skyrocketing costs and overheads involved with housing multi data centres. Another approach is to try and protect data by a single gateway process. The issue with this approach, however, is the impossible latency issues. As an example, companies have tried database-oriented tokenisation strategies; however this, and other single gateway approaches, are really a step backward as they create a need to sync vast data repositories across long path networks. So how do CISOs avoid falling foul of legislation when considering the myriad of complex rules and regulations governing how data is used, stored or moved?


To remove any risk or doubt of non-compliance altogether, and stay ahead of security and data residency regulations in order to be able to take full advantage of cloud computing, organisations must employ a strategy that secures data directly at the source, rather than trying to implement point technologies to corral the data within a defined boundary.


This ‘data-centric’ approach means that information is protected, whether through encryption, tokenisation or data masking, and therefore remains completely secured from the moment it is created throughout the entire data lifecycle. Even as the data moves into and across a cloud environment, it remains in a protected state and not “in the clear”. This means that data can now be securely moved into and throughout the cloud, while remaining in compliance with data residency and privacy requirements.


1. Organisations must build security policies around the technologies they use. Individual, point solutions are generally insufficient to meet a company’s unique security requirements, and don’t allow organisations to secure sensitive information while at-rest and in-transit.


2. Businesses must recognise the reality of data lifecycle. Data travels across and outside of an organisation, across borders and geographies to users internal and external to the organisation. This reality requires a data protection program that supports the needs of how the business is using information today.


3. Data protection solutions need to be scalable to meet business and IT requirements and architected to match the growth of the business and its data.


4. Simpler is better. The adoption and use of the technology can’t be too complex for the user, otherwise the technology won’t be utilised across the enterprise and risks will increase. A data protection program that is too complex, or lacks usability, will not be fully and readily adopted across an enterprise, which could leave sensitive data exposed and the company at risk.


5. IT environments are heterogeneous, with new technologies working alongside legacy systems. Data protection solutions need to work with all data types, both structured and unstructured, across the entire IT infrastructure, without the need for extensive and complex re-engineering of systems and applications that manage sensitive information.


By adopting a data-centric security strategy, companies can be confident in migrating to the cloud and leverage the associated business benefits, while removing any uncertainty around compliance with data residency and privacy requirements.


November 2013 I www.dcseurope.info 39


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56