It is a well acknowledged fact that security and access are two factors that determine how much control you have over your data whether the data resides in a local repository or a remote Cloud based database. If one or more of the factors are not satisfactory, your control over your data cannot be optimal.
Data security in the Cloud—setting aside discussions on the use of encryption to secure data—suffers from lack of standardization. Security implementations are often opaque and the vendor’s concepts of security are often different from the customer’s definition of security. Let us look at two common scenarios—security in the public Cloud and security in the private Cloud.
Security in the public Cloud is vendor defined. The security protocols and access boundaries are defined upfront by the vendor. Firewalls, isolation and Cloud edge technologies are set up by the vendor. The end user has control over only data access management. Even the hardware used to store user data may be shared by multiple users of the vendor services. Vendor control is optimal. User control over data is minimal.
Security in the private Cloud may be wholly or partly user defined. The customer has the option of defining boundaries, setting up firewalls or defining isolation protocols. The customer can permit penetration by the vendor on need basis. User management and user access are wholly controlled by the end user. Even the hardware may be isolated from other users of the vendor services. The vendor control over the services is minimal. User control over data is optimal.
The hybrid Cloud negotiates the middle path. The user may choose to host non mission critical data in public Clouds and mission critical data in private Clouds to optimize on costs and retain desirable levels of control over data.
It follows that security requirements can be defined and met, only when the two parties to the transaction—the Cloud vendor and the customer—meet and fill in any gaps that may arise because of security control issues. It is mandatory that all stakeholders involved must have an understanding of the perimeter of data access, control and visibility across the layers. With this knowledge, enterprises can orchestrate a smooth migration to the Cloud and ensure that security is never compromised for want of understanding of the enterprise specific use-case.
Securstore is here to help you control your data in the Cloud. Contact us for a free, no obligation one month free trial.