Editor's note: What are the best practices in moving data to the clouds?
Learn more here!
Many companies would like to take advantage of cloud computing, but concerns
about possible security breaches and loss of data hold them back. For cloud
computing to gain traction in the enterprise, IT and security executives need
to be certain that their company's applications and data are safe. But when
security is partly out of enterprise control, it becomes impossible to know
if sensitive information has been accessed or compromised.
Security issues associated with third-party cloud environments continue to
prevent organizations from taking advantage of the cost savings and flexibility
that the cloud can offer. Today, using a public cloud means moving from an internal
environment where a company has complete control of data and processes to an
environment where that control belongs to someone else, and is often opaque.
Within the cloud, applications run in a multi-tenant environment sharing virtual
machines with other customers. Companies considering moving an application to
a cloud have legitimate concerns about data being compromised or stolen, including
unauthorized access by cloud administrators, exposure in the Internet or rogue
employees using the cloud to corrupt or leak sensitive information.
One solution is to keep sensitive data within the corporate data center and
put the other application tiers in the public cloud. While this approach works
well for some use case scenarios, the latency impact of the "reach back" into
the data center can be unacceptable for many applications and users. Moving
the entire application to the cloud -- including the database tier -- provides
better performance and scalability, but this exposes the application to new
potential threats such as those mentioned above.
Encryption is a well-known approach to addressing these types of security concerns.
For protection in the cloud, the enterprise needs to encrypt all data and communications.
While encrypting the application in the initial environment is usually fairly
straightforward, extending that encryption to the cloud creates new security
issues that have blocked many cloud deployments. In order to run the application
in the cloud, the enterprise needs to deliver the encryption keys to the cloud
to decrypt the data. This creates additional risks by exposing the keys in the
operating environment. In the worst case, poor encryption configuration and
management can expose the corporate data center to threats from the cloud.