This page contains a Flash digital edition of a book.
MANAGED SERVICES private cloud


for their accessibility and usability without worrying about the security implications. Privacy concerns are often secondary to the benefits provided by easy and immediate communication.


Companies may well set up a policy to ban the use of Hotmail and even social networks. But they can still be at risk because one of their suppliers or partners uses those inappropriate channels to communicate on their behalf – the marketing agency of a tightly regulated bank, for example.


When it comes to the cloud, organisations need to be aware of the same risks and requirements to build a data governance model based on a number of variables, notably cost, risks, business benefits and time period over which the service is required.


Different processes and data sets used by the business should be plotted against these axes, allowing the business to make decisions about which platform is suitable for each one. For example, it could be that the design team needs to render some very large images to share with an outside agency for a short period of time, every three months. In this case, it may make sense to use the public cloud then remove the server farms used to process the images afterwards.


On the other end of the scale, highly sensitive customer data such as bank account details should always be stored in a secure environment that cannot be accessed from the outside. The cost of securing this data needs to be balanced against the potential costs incurred through regulatory non-compliance or reputational damage. As well as building an internal, tiered governance model, organisations need to consider the ability of cloud providers to have a suitable model in place. It’s fair to say that while there has been some guidance on how cloud providers should manage data according to EU law and other Data Protection regulations, hard and fast regulation is still catching up. Cloud tends to be treated as a third party service and therefore not that different to other IT services, despite its varying levels of security risk.


Another point to bear in mind is that different jurisdictions around the world have different regimes concerning data protection. If your cloud provider is asked to provide your data to the regulators, are they obliged to do so with or without your permission – for example could Yahoo! or Google be forced to surrender customer data to government authorities in situations where a crime is perceived to be committed?


hidden costs and risks associated in taking this line of thinking which need to be weighed up before considering this strategy. If cost is the only driver, it’s likely that large companies will increasingly choose the public cloud route. Security concerns should be balanced against the fact that these same companies are likely to be using ‘private’ services already.


For example, the virtual circuits and networks provided by telecoms suppliers are private, but could well still be open to data breaches – as indeed could in-house systems themselves. The answer to the problem may involve data encryption, as, when effectively implemented, it enables data to protect itself, wherever it is stored and wherever it is running. Yet so far at least, most cloud providers and their clients are not choosing to encrypt all data stored in or running over the cloud. This is almost certainly because the initial cost and flexibility benefits of cloud outweigh data-related risks – in the same way that many of us use Hotmail or social media networks


These questions are not one-offs that can be asked in isolation, but should be part of a regular review that is undertaken by a multi- disciplinary team combining IT, legal and business executives. Multiple disciplines are required because the IT team may not be as well-informed about the value of particular data sets, while the legal/ compliance team is usually the best informed about how to ensure data is protected from an e-discovery or regulatory point of view. Finally, there are good commercial reasons for taking a lead on setting up a strong governance model for the public cloud. Less conservative businesses may gain an edge by tapping into the versatility and scalability of cloud, and the cost-effectiveness of the public cloud in particular.


The question is whether your business can live with the edge that this will bring in terms of potential business benefits and security risks. More conservative businesses are likely to stick to their own IT environments or explore private cloud for now – but still need to protect themselves with a strong governance model that is revisited on a regular basis.


May 2012 I www.dcseurope.info 41


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52