Posted by: MelanieYarbrough
Cloud computing, Cloud security, Salesforce
It’s a common belief these days: Everything is heading to the cloud. With words such as “migration” dictating much of the conversation surrounding cloud, it’s safe to infer that many people view the cloud as an approaching technology rather than one that’s already here.
Peter Coffee, head of platform research for Salesforce.com, disagrees with this feet-dragging mentality. “The cloud is certainly available to everyone,” said Coffee. First of all, he said “migrate” is an inhibiting word when approaching the cloud. Coffee suggests looking for applications you wish you had but haven’t been able to create. Do you have a business process that’s organized primarily in spreadsheets and email? Consider building an application that can automate that process and deploy it in the cloud.
“That’s going to be the best demonstration of what cloud can do,” Coffee said. “Throw it in your operating budget. There’s easy integration, and suddenly the IT department is no longer a cost center but a creation partner.” Leverage these early deliverables from IT in order to make a case for future, more critical, cloud deployment projects.
But, what about cloud security?
Coffee warns against measuring cloud security against some theoretical ideal, urging instead to compare it to the reality of your security today. This is where you will find the meat of your flexibility in what you deploy in the cloud. “Too many people have too many permissions,” he said. Take advantage of capabilities offered by cloud services such as logging and reporting abnormal user activity. “In old IT, if an employee downloaded an entire customer database, they could either be looking up two or three names or they’re on their way out the door with all of your customers.” But, as Coffee points out, with a simple workflow rule you can be alerted whenever someone’s normal activity changes and nip potential data breaches in the bud.
He went so far as to say that the most recent WikiLeaks scandals might not have been possible or, at the very least, would have been easier to track and detect without forensic detective work.
Cloud Services Growing
The IT services industry is experiencing an acceleration in demand that suggests a good omen for cloud computing. The growth of deploying mission-critical applications in the cloud may see major push in the near future thanks to generations into whose thinking the cloud is fully integrated.
“I always tell customers, ‘Don’t think about the next six months, think about the next three years. Right now there are kids in a pizza parlor talking about crushing you.’” These kids Coffee refers to are growing up in a world where multiple devices mandate a different approach to everyday tasks such as word processing. The mindset he runs into, he says, is “Why download Apple’s word processing app when I can just use Google docs?” The ability to share, access anywhere, and use only what you need is no longer a dream, Coffee says, it’s a real part of the culture.
When those pizza parlor dwellers show up in your rearview mirror, it’ll be too late, Coffee warns. They won’t have to delegate capital to servers or talent to managing business processes that can be automated in the cloud.
Did the NIST leave more to be desired?
With CIO Vivek Kundra’s push to the cloud and the NIST’s Guidelines on Security and Privacy in Public Cloud Computing, there are still some holes that users see as ignoring possible problems. One IT Knowledge Exchange member expressed concerns:
[T]hey failed to take a look at how it affects an organization’s legal protections to data. Will all subpeonas [sic] come to the organization and allow the organization to respond or to the cloud provider which leaves the organization out of the loop on a legal action? This an [sic] other questions over legal compliance issues make public clouds risky.
Coffee admitted that regulations and laws that apply to the physical location of data can be tricky ground to navigate. Work with laws such as the California Security Breach Information Act (SB-1386), which dictates that companies notify every customer of even just a suspicion of a data breach. Find a service provider that can offer solutions to allow you to comply to local laws and protect your users.
The purpose of service providers is to help you navigate the maze of laws and regulations in addition to the needs within your company. The key to maximizing that help? Create a working compliance posture before approaching a provider. Knowing what you need and exactly how you need it will ensure you get – and pay for – what you want.