Many compliance officers look at the cloud with suspicion, concerned with just how much data they can move there and still maintain cloud compliance. The central issue here is exposing critical data to interception, as well as preventing the loss of data.
This poses a difficult challenge: data in motion, either on a local area network (LAN) or the Internet, needs the same rock-solid protection regardless of the transport mechanism being used. This, in itself, is difficult because the security solutions used with LANs are more robust and controllable than those available over the Internet. The security imbalance prevents compliance-bound data from traveling over the Internet and so prevents the use of low-cost cloud services.
The answer to this imbalance lies in applying effective security solutions to each element involved in the storage and transmission of data. This is relatively simple for compliance officers to accomplish on the local level, but much more difficult to accomplish in the cloud.
Simply put, if the level of protection for data is consistently enforced throughout its journey, then cloud compliance shouldn’t be a problem. The key element becomes the creation, application, enforcement and secure the cloud for compliance purposes, it is important for compliance officers to make sure a security solution offers scalability, automation and auditing, and has adequate speed to meet traffic needs. It is the cloud, ironically, that creates the security problems, but it takes a cloud service to solve them.
When looking to secure the cloud for compliance purposes, it is important for compliance officers to make sure a security solution offers scalability, automation and auditing, and has adequate speed to meet traffic needs. It is the cloud, ironically, that creates the security problems, but it takes a cloud service to solve them.
All is not lost. Security technology, working hand-in-hand with policy-driven enforcement, is starting to transform into cloud-based services. For example, Cloud Passage, a cloud services company, has ambitions to transform how security is accomplished across a broad, multi-connected enterprise using commonly accepted concepts.
CloudPassage’s approach to the problem is an interesting one compared to those of its competitors. It uses SaaS to secure public and private clouds, which allows its product to serve as a virtualized firewall, but also to enforce security policies to servers anchoring both private and public clouds. This hybrid approach will enable delivery of security solutions that meet cloud compliance needs, while still allowing businesses access to clouds.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.