Developing a Public Cloud Usage Policy? Start with These Questions
Considering that more data records have been breached this year than in all of last year, it’s a good time to revisit your public cloud usage policies and procedures. In fact, you should always be monitoring your public cloud usage and policies to make sure that they are aligned with your network security protocols.
Bitglass recently published a cloud security report with information that it gathered through interviews with over 1,000 IT professionals across a variety of industries. Here are some insights covering cloud adoption and security trends:
- 45% of companies store email in the cloud, followed by sales and marketing data (42%), intellectual property (38%) and customer data (31%)
- 22% of companies reported that the cloud falls short in security measures
- 90% of organizations have security concerns about the public cloud
- The three biggest barriers to greater public cloud adoption are general security (45%), data loss and leakage (41%), and loss of control (31%)
- When asked about public cloud apps, 36% of organizations said they are less secure than internal apps
- 50% of organizations said that setting and enforcing security policies is the best way to address cloud security
Public cloud computing offers companies a competitive advantage. Data, applications, and other tools are now readily available to help drive business success. Restrict these access points for the sake of network security and competitors gain the advantage; open up public cloud access at the expense of network security and the company could potentially suffer. This is a fine line that IT and network security personnel must navigate carefully.
Here are some questions to ask yourself as you develop your public cloud computing usage policies and procedures:
Have you planned for the unexpected? The only way your data will be secure in the cloud is if you plan for contingencies. Disaster recovery planning starts with asking your cloud provider the right questions.
- What happens when the cloud goes offline?
- How will you be notified when the cloud goes offline?
- How is the cloud restarted? Manually or automatically?
- Is load balancing provided?
- How are data backups done?
- Do they have a disaster recovery plan?
- How do they communicate outages?
- What is their track record for uptime?
You can review a more comprehensive list of questions to ask cloud providers before signing an SLA.
Do you know the legal implications of a data breach? Not all data is created equal. If you store personal data, such as social security information, credit or financial records, or health records, there will be legal ramifications from a data breach. It’s best to understand exactly what data you’re storing and what the law says regarding the storage of that data.
Are you thinking long term? You may know your data storage requirements today, but data has a tendency to multiply (see IoT and Big Data implications on the data center), and depending on the applications you’re using, the data points, or your sales growth, your data needs tomorrow might be exponentially greater than what they are now. You need to build in growth scenarios and plan accordingly.
Have you established data use policies? You can’t give equal access to all data. Salary information, for example, should only be accessed by certain departments or personnel, while other employee records should only be accessed by executive management.
Have you factored in time and bandwidth requirements? Moving large data sets doesn’t happen in the blink of an eye. If you need to move 1 TB of data, it can take hours or days depending on your bandwidth connection. The total amount of data in play needs to dictate your connection speeds.
Have you looked internally? If your IT department is not taking advantage of server virtualization, you may already have the server capacity to house data. Granted, there may still be a need for a backup solution, but server virtualization can free an amazing amount of data storage capacity, helping you make your existing server footprint work harder and more efficiently.
These questions can help inform your public cloud usage procedures, but the key is putting them into a workable policy that’s actively communicated across the organization.