Data security and cloud adoption myths, realities and the future.




Information security concerns arguably remain the single biggest barrier to the adoption of cloud services. It is often said that perception is everything, but to understand whether these concerns are based on reality it is worth breaking down the term cloud before discussing security.

The Cloud

Cloud is a relatively modern term used to describe the long-standing provision of hosted IT processing; in fact, CCE has been providing a hosted service since 2006. It could reasonably be argued that the term cloud is in itself unhelpful, as the image of a cloud is a sort of generic, fluffy diagrammatical excuse to avoid detailing the intricacies of a wide area network linked to complex hosted services.

The term cloud has become the darling of technology marketeers everywhere; it has been adopted by the media and now even by the government to describe anything and everything that is not on premises. As a consequence, due to the vast array of services and solutions that cloud covers, many misconceptions and confusions have slipped in, particularly when attempting to differentiate the offerings. Whilst benefits such as agility, scalability, availability and potentially cost savings are common to all cloud services, perhaps the most important line to draw in the sand is that between Private and Public cloud services.

Public Cloud

Public cloud is defined as a multi-tenant environment, where you lease a service in a cloud computing environment that is shared with a number of other clients or tenants. Public Clouds typically deliver a pay-as-you-go model, where you pay by time or number of users purely for the resources you use. A classic use of this would be for a test & development environment where servers and resources are spun up and down on a regular basis. Well known Public cloud services include Microsoft Office 365 and Amazon Web Services.

Typical Public Cloud features include:

- No long term contracts - The pay-as-you-go model is commonly used to acquire services on demand.
- Shared services - Due to the multi-tenant environment, the service you use, whether hardware or software, will often run on the same hardware, storage and network devices as used by other subscribed tenants. Compliance with generic standards is possible but individual requirements are unlikely to be met.
- Control - Typically, many of the controls are passed over to the service supplier. Whilst the customer can retain user access controls, software updates, hardware performance and maintenance outages are amongst the areas often in the control of the supplier. To many prospects, these are the biggest obstacles to engaging with a cloud service supplier.

Private Cloud

Private cloud services are typically single-tenant environments where the hardware, storage and network are dedicated to a single client or company. Co-location services are perhaps the most common form of private cloud arrangement, whereby a business hosts its own hardware and data at a data centre, taking advantage of the service provider's superior power, security and environmental facilities.

Typical Private Cloud features include:

- Security - Because private clouds are dedicated to a single organisation and cannot be accessed by other clients in the same data centre, the hardware, data storage and network provision can be designed to provide high levels of client-defined security.
- Compliance - Because the hardware, storage and network configuration is dedicated to a single client, compliance with standards such as ISO, PCI and SOX is much easier to achieve.
- Bespoke configuration - Hardware provision, including processor, storage and network performance, can be specified by the customer.
- Hybrid - A business system can be split between an on premises database and a cloud database, perhaps for data protection or performance reasons. This is not available in the Public cloud.

High levels of security, performance and compliance are all achievable in the cloud as long as the appropriate service model is selected.

CCE Approach: the difference

Our Private Cloud is designed to deliver an end-to-end IT Service; at the core is the CCE Network which we, as an Internet Service Provider (ISP), have built. The network has no single point of failure and connects to our private and secure co-locations held within carrier data centres. The network has been running for around 10 years and has over 20,000 end points, all monitored by our 24x7 UK based operating centre staffed by our own engineers.

We use 3 data centres connected to each other by 10Gb fibre links to ensure that we are always connected and able to continually replicate data and systems between them. Our co-locations hold large banks of Blade Servers running the latest VMware environment sitting on top of Enterprise Storage Area Networks (SANs). They also contain resilient hosted telephone servers, dual firewalls, and dual routes to the Public Internet and the Public Switched Telephone Network (PSTN). Further data protection and security is provided by the latest Symantec Anti-Virus and filtering services, all supported by our in-house 24x7 UK based team.

CCE recognises that the low cost aspect of a Public Cloud service has an attraction to some clients for their non-critical work, but they are worried about the security aspects as well as the location and distribution of their data. To obviate these problems, CCE, as an approved Microsoft 365 practitioner, offers its own version of Hybrid in that we are able to supply the functions of 365 but keep all client data in our private cloud, which is located within our secure U.K. based data centres.

Data Security

It seems not a week goes by without another "hacked" headline relating to a well-known organisation being the victim of a cyber-attack and having its client data stolen. Compliance, fear of litigation and general reputation management mean that keeping client and employee data secure is of increasing importance, particularly personal data which falls under the Data Protection Act requirements.

This is about to take on even greater importance in 2016 when the new E.U.-wide Data Management Regulations will be confirmed and published under the name General Data Protection Regulation or GDPR. The new regulations are potentially far reaching and, because they will be mandated as an E.U. Regulation, legally enforceable, with the following headline changes:

- Stronger penalties for data breaches, ranging up to 4% of revenue
- Tougher requirements on consent (requirement to opt in)
- Enhanced rights for individuals (right to erasure)
- Data processors (including cloud service providers) will be held responsible for data protection

This is the most significant development in data protection that Europe, possibly the world, has seen over the past twenty years and, unsurprisingly, it is designed to take full advantage of modern technologies and the way we work with them today and are likely to work in the future. In addition, there is a much greater emphasis on compliance, following a widely held belief that business has not taken data privacy seriously enough previously. As a consequence, penalties are considerably harsher. The new compliance requirements are intended to spread a far wider net to include small and medium businesses. Although the details are yet to be finalised, it is clear that cloud service suppliers face new challenges such as the right to erasure and a significantly increased responsibility for the integrity of data.

One of the challenges for many businesses is the classification of data. Whilst the DPA only applies to personal data, for many organisations, particularly when it comes to email, it is almost impossible to distinguish and separate personal from non-personal data. To ensure appropriate data security is in place the highest common denominator wins, and there is no choice but to apply a one-size-fits-all approach, resulting in secure but expensive services that may only be required for 10% of data. With the amount of data being captured, processed and stored growing exponentially, the ability to classify accurately, and therefore treat appropriately, has to be an area for significant future development.

In summary, data security remains a barrier to cloud adoption and will become even more significant with the new Data Protection regulations; therefore cloud service providers who adopt the right approach have an excellent opportunity to benefit from these developments. Businesses will be required to have greater understanding of the type of data they hold and what the appropriate protection needs are for their clients and employees. This better educated client base will realise it is highly likely that a good quality cloud provider will offer higher levels of data protection than the vast majority of on-premises facilities, resulting in potential for a significant increase in demand for cloud services.

Some common cloud myths

Myth 1 - Data is less secure in the cloud

Perhaps the single biggest barrier to using cloud services is the belief that it must be less secure than keeping data on premises. The reality is that in the vast majority of cases security is enhanced rather than diminished when using a high-quality cloud service provider. Sophisticated internal network infrastructures will have firewalls, proxy servers, DMZs and Intrusion Detection Systems, but unless the business is a huge global conglomerate with deep pockets, it is unlikely to be able to compete with the level of Information Security sophistication that a cloud service provider has installed. Such providers are often certified to PCI DSS, ISO and ISAE standards.

Myth 2 - It is harder to comply with the Data Protection Act when using the cloud

Many believe that having client or employee data hosted in the cloud makes it harder to comply with the DPA; indeed, some businesses even believe it is a direct breach of the act. The reality is that the Information Commissioner's Office, the government body responsible for compiling and policing the DPA, recognises the requirement to use cloud services and issues detailed guidance on how to ensure you keep your data safe and comply with the regulations. What has become increasingly important is the need to apply the appropriate due diligence when selecting a third party cloud service provider.

Myth 3 - Putting my data in the cloud means handing over control to the service supplier

It is a common belief that once a cloud service is being used, control of the service, application and data ends up in the supplier's hands. This is a good example of where the wide use of the term cloud can cause confusion when it comes to the granular level of control available depending on the service subscribed to. It is true that in a Public Cloud scenario, for example Office 365, the ultimate supplier of the service (in this case Microsoft) retains control over software updates and features, including when they will update or change and impact the user. Other Public Cloud software as a service solutions retain similar controls.

In a Private Cloud scenario such as ours, it is very different. CCE offers a co-located solution whereby the service provided is infrastructure in the cloud, thus it is usual for our Clients to retain all control over hardware, software and data.

Myth 4 - "On premise" is an acceptable term in cloud discussions

It isn't. The correct term is "on premises" (important if trying to get the Institute of English Professors to use cloud services).