What is Data Security in the Private and Public Cloud?

Today, everything resides in the cloud. In 2012, Gartner predicted the transition of offline PC
systems to the cloud by 2014. The prediction was accurate. The majority of enterprises use at
least one model of cloud computing technologies to carry out business procedures. However,
increased agility and economic benefits come at a price. With the cloud and virtualization
technologies, businesses have logical control over the data, but the actual data reside on
servers managed by third-party providers. When multiple tenants share the infrastructure, data
integrity is compromised. Moreover, data compliance issues may arise when data reside away
from company premises. Customer privacy needs to be maintained. Data segregation
techniques matter. Without clear visibility into operational intelligence, companies have to rely
on third parties’ security solutions. In case of data disaster, businesses should be able to
retrieve data and services. If a cloud provider is acquired, data and services should still be
securely maintained.

The traditional network-centric security solutions, such as intrusion detection systems and
firewalls, cannot protect your data from hacking by privileged users and advanced persistent
threats (APTs). There are other methods, such as security information and event management
(SIEM) and database audit and protection (DAP), for event correlation. With stringent data
regulations in place and increased data breaches, businesses have to move from
network-centric solutions to data-centric solutions by integrating data security intelligence and data
firewalls to create a veritable firewall around the data. Strong access controls, key management
and encryption that are augmented with security intelligence are required, because once you
move everything into the cloud, you only have a web browser as an interface.

What are Data Security Law and Policy?

The Data Protection Act 1998 is a British law that regulates the processing of data on
identifiable living people. It controls how organizations, businesses and the government use the
personal information of users. While businesses have to cope with rapidly exploding big data,
they have to work in compliance with data protection laws, which are more stringent when
sensitive information such as ethnic background, religious beliefs and criminal records is
involved. Unlike Britain and the European Union, the United States does not yet have a
consolidated data protection law, instead adopting privacy legislation on an ad hoc basis. The
Video Privacy Protection Act of 1988 and the Massachusetts Data Privacy Regulations of 2010
are a couple of examples.

When it comes to the cloud, there are no borders. A company located in one country might use
CRM solutions offered by another company that is based in a different country. In such cases, it
is not easy to know where the data are stored, how they are processed and what data
protection laws govern them. Businesses that are moving into the cloud should enquire about
data management by the cloud provider.


20 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
