Page 17 - CDM Cyber Warnings February 2014
compared to public alternatives, and a higher total cost of ownership.

So what is an organization supposed to do? Only look at private clouds or on-premise deployments for their enterprise applications? This is a tricky decision given the downsides I just mentioned. I've seen studies that point to on-premise deployments of software being anywhere from 3 to 8 times more expensive than public-cloud based deployments when all costs are considered. Public clouds offer powerful cost savings, at a magnitude that surely gets the attention of the CFO's office. So when CIOs and CSOs mandate that certain systems remain on-premise due to concerns about regulatory compliance or security, the limitations of this path need to be actively debated.

Making the Public Cloud Private

CIOs are being asked by their business partners to deliver highly compliant and secure cloud applications that will allow the enterprise's business units to accomplish their objectives, while their CFO is simultaneously demanding that the budget be more aligned with public cloud use than with building out private cloud infrastructure. Is there a way to bridge the gap? Many organizations are finding a new category of solution, Cloud Data Control Gateways, to be the critical enabler in making both parties happy.

This class of solution allows organizations to keep their sensitive data on-premise, even when using public cloud applications. Sensitive information gets replaced with a randomized token or encrypted value before it goes beyond their firewall for processing and storage in the cloud.

If encryption is used, the organization maintains control of the keys, ensuring third parties won't have access to the data. If tokenization is used, it maintains control of the token vault. In addition, these gateways are designed to be invisible to the end user: users retain full cloud application functionality and performance, including search and sort functions, as if they were natively accessing the cloud application. Two properties deserve a check before protected fields are relied on for this: exact-match search only survives if the gateway maps a given plaintext to the same token or ciphertext every time, and server-side sorting on a protected field only works if the tokens or ciphertexts preserve the plaintext ordering. Both properties deliberately leak something (equality, or order) that standard randomized encryption hides, so which fields get them should be decided in the data classification exercise rather than assumed.

When combined with other technologies such as Single Sign-On, solutions like this enable organizations to maintain full control over not only the access to data in public cloud environments, but also complete control over where sensitive enterprise or agency data will physically reside "in the clear", all without impacting the cloud end-user's experience with critical applications like Salesforce.com, ServiceNow, etc.

Where to Begin: Seize Control

Enterprises can begin by undertaking a quick data classification exercise. During this process, different types of data (e.g. names, addresses, etc.) should be grouped into varying categories of sensitivity. When this is complete, policies can be put in place about where this information can be stored and processed in the clear, where it cannot go, and where it can go subject to being protected in some way (such as with tokenization or encryption). A similar process can be undertaken to determine which individuals can and cannot have access to various categories of sensitive information.

Internal security and data governance best practices need to inform these efforts, but they also need to take external data privacy, compliance and data residency regulations into account. With this foundation in place, security and IT professionals can begin to investigate technologies that can help implement the desired approach.

The Cloud Data Control Gateway described earlier can play a central role along with other traditional security technologies. Gartner published a report entitled "The Growing Importance of Cloud Access Security Brokers," which is an excellent guide to understanding the different complementary technologies that are available to help enterprises utilize the public cloud while maintaining the level of control they require.

About the Author

David is President and CEO of PerspecSys. Previously, David was SVP of Sales and Marketing at Irdeto Worldwide, a division of Naspers. Prior to that, David was the President and COO of Cloakware, which was acquired by Irdeto. Before joining Cloakware, David was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company's revenue and operations in the Americas. Prior to his work with Cramer, David held a variety of executive, sales management and business development positions with the Oracle Corporation, Versatility and SAIC.
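The gateway mechanism described under "Making the Public Cloud Private" and the classification-to-policy step under "Where to Begin" can be seen working together in the following Python sketch. It is an added example written for this page, not PerspecSys code or anything from the article. The field names, the three actions (clear, tokenize, deny), the sample records and the in-memory stand-in for the cloud application are all constructed for illustration, and only the tokenization path is shown; the encryption path would additionally keep the keys on-premise but needs a cipher library.

```python
"""Toy cloud data control gateway: tokenize sensitive fields before a record
crosses the firewall, detokenize on the way back. Added example, not vendor code."""
import secrets
from enum import Enum


class Action(Enum):
    CLEAR = "clear"        # may be stored and processed in the cloud in the clear
    TOKENIZE = "tokenize"  # may leave only as a token
    DENY = "deny"          # must never leave the premises


# Constructed classification policy for a hypothetical CRM contact object.
# Fields missing from the policy are treated as DENY, so the gateway fails closed.
POLICY = {
    "account_id": Action.CLEAR,
    "company": Action.CLEAR,
    "contact_name": Action.TOKENIZE,
    "email": Action.TOKENIZE,
    "ssn": Action.DENY,
}


class PolicyViolation(Exception):
    """A record or query would carry DENY/unclassified data off-premise."""


class TokenVault:
    """On-premise value <-> token store. A value always maps to the same token, so
    an exact-match search can be rewritten to match on the token; the token itself
    is random, so it reveals nothing about the value and does not sort like it."""

    def __init__(self):
        self._to_token, self._to_value = {}, {}

    def tokenize(self, value):
        token = self._to_token.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(12)  # 96 random bits, unrelated to value
            self._to_token[value], self._to_value[token] = token, value
        return token

    def detokenize(self, token):
        # Anything we did not issue (e.g. a value typed into the cloud UI) passes through.
        return self._to_value.get(token, token)


class Gateway:
    """Sits between the enterprise network and the cloud application."""

    def __init__(self, vault, policy):
        self.vault, self.policy = vault, policy

    def outbound(self, record):
        """Apply the policy to a record leaving the premises."""
        out = {}
        for field, value in record.items():
            action = self.policy.get(field, Action.DENY)
            if action is Action.DENY:
                raise PolicyViolation(f"field {field!r} may not leave the premises")
            out[field] = self.vault.tokenize(value) if action is Action.TOKENIZE else value
        return out

    def inbound(self, record):
        """Restore a record returned by the cloud before the end user sees it."""
        return {f: self.vault.detokenize(v) if self.policy.get(f) is Action.TOKENIZE else v
                for f, v in record.items()}

    def outbound_query(self, field, value):
        """Rewrite an exact-match search term so the cloud app matches on the token."""
        action = self.policy.get(field, Action.DENY)
        if action is Action.DENY:
            raise PolicyViolation(f"field {field!r} may not be searched in the cloud")
        return field, self.vault.tokenize(value) if action is Action.TOKENIZE else value


def cloud_search(rows, field, value):
    """Stand-in for the SaaS application's search; it only sees what the gateway sent."""
    return [r for r in rows if r.get(field) == value]


# Constructed sample records.
RECORDS = [
    {"account_id": "A-1001", "company": "Acme", "contact_name": "Ada Lovelace", "email": "ada@example.com"},
    {"account_id": "A-1002", "company": "Globex", "contact_name": "Alan Turing", "email": "alan@example.com"},
]


def demo():
    """Push records through the gateway, search one back, and inspect the cloud side."""
    gw, cloud_rows = Gateway(TokenVault(), POLICY), []
    for rec in RECORDS:
        cloud_rows.append(gw.outbound(rec))
    field, term = gw.outbound_query("email", "alan@example.com")
    hits = [gw.inbound(r) for r in cloud_search(cloud_rows, field, term)]
    cloud_sees_plaintext = any({"alan@example.com", "Alan Turing"} & set(r.values())
                               for r in cloud_rows)
    try:  # a record carrying a DENY field must be stopped at the gateway
        gw.outbound({"account_id": "A-1003", "ssn": "000-00-0000"})
        blocked = False
    except PolicyViolation:
        blocked = True
    return {"hits": hits, "cloud_sees_plaintext": cloud_sees_plaintext, "blocked": blocked}
```

Running demo() stores two tokenized records in the stand-in cloud, rewrites an email search to the corresponding token, detokenizes the hit for the user, and confirms that the cloud side never held the plaintext and that a record carrying the DENY-classified ssn field was refused. Note what the exact-match search relies on: the vault issues one token per value, so two records with the same email share a token, which is itself an equality leak to the cloud provider; and because tokens are random, sorting on a tokenized field in the cloud application returns rows in token order rather than plaintext order. That is the search-and-sort trade-off the classification exercise has to settle per field.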
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 17