Data Security in the Cloud

Data Security & the Cloud. How Secure is Your Data?

The world of IT is changing rapidly and along with it, the standards for Data Security. Ok, I know everyone acknowledges that, but this time it’s different.

Think back to the 1980s, when everyone had a dumb terminal that accessed a big, noisy mainframe located somewhere in the building you were working in. Everything was connected by thick, clunky cables with hermaphroditic connectors, attached to MAUs, that disappeared into the ceiling or floor, and only a select few people ever knew where they went, or what they even did. For the nerds reading this, it was the ultimate centralized computing experience. From a Data Security perspective, the data was locked up tight and guarded by a DBA. You couldn’t even enter the room the data was stored in without high-level security clearance, and when you did get access to it, it was always on a temporary basis.

Then came the 1990’s and the desktop. The focus shifted to moving computing power out to the end-user, and onto their powerful new desktops (read: decentralized computing). The term thick application (think client) took on meaning and the only thing left to do was to power down the old mainframes, unless of course, you were using them to heat the adjacent rooms in the winter. The nerds in IT in the 1990’s knew how to build powerful desktops to support the ever-increasing demand for localized computing requirements like AutoCAD and DOOM (for me it was Wolfenstein)! From a Data Security perspective, aside from a few inconveniently or erroneously placed spreadsheets or isolated incidents where folks “accidentally” left unencrypted laptops in public places that happened to be frequented by well-known hackers, the data was usually stored in a sophisticated relational database with some measure of security protecting it from the outside world.

Needless to say, since the 1990’s we have seen various permutations of centralization and decentralization come and go, to the point where today we have a veritable hybrid approach called Cloud Computing. The computing components can be local (on your desktop), centralized (on the cloud), or anything in between. Take Microsoft Office 365, the application I’m using to write this blog, as a key example. I started writing while I was on an airplane disconnected from the internet and, just for the sake of example, will complete writing it using the web interface. Being somewhat of a Data Security champion, I use an encrypted VPN tunnel to protect my data at home and when I travel.

By now, you are probably thinking, “what does all this have to do with Cloud Computing and Data Security?!” and frankly, I don’t blame you.

The fact is, the one thing that is consistent between both centralized and decentralized computing models is… drum roll… for the most part the location of the Data is on-premise, or on a piece of hardware that the company owns and is responsible for. When you move your applications and data to the Cloud, they are no longer on-premise and they are no longer on hardware that you own or control.

“Yikes! What does that mean?”

It means that you need to understand the Data Security implications of this new computational model before you make a move to the Cloud.

“Well, of course!”, you say. “But where do I start?”

Aside from the technical details like preventing data breaches, mirroring storms (yes, they are real), and traffic hijacking, you need to understand and clearly define the business case for making a move to the Cloud. “Because everyone else is doing it” doesn’t mean it’s right for your business. There is a significant amount of effort required to make the jump without potential pain and legal ramifications, so tread carefully.

Here are some of the indications that you are not ready to make the move:

    1. The Cloud vendor says things like, “It’s easy, we’ll have you up and running in a flash.”
      Ask questions like: Are your Data Security standards as stringent as ours? Are they up to date?
      You may be surprised to learn their PII and PCI data standards are very low, or not applicable.
    2. What are the repercussions of a Data Breach? How will the vendor respond? Are they accountable?
      A good vendor will review their supporting documentation with you and show you where their contingency policies are and how they work.
    3. What components of my infrastructure will be left exposed by moving a service to the Cloud?
      For instance, if you move payroll to the Cloud, chances are you will need to provide the hosting vendor with sensitive employee data to support remote payroll actions. What will I have to do to secure that interaction?

To be continued…

In the meantime, for more information or for help, please reach out to Nugravity.
