Posted by: Beth Cohen
Business Security, Business Value, cloud computing, Distributed systems, enterprise architectures, Supply chain
Question: With all the talk about data on the cloud, is it possible to build a distributed enterprise architecture that addresses the issues of security and cost-effective delivery without compromising business integrity?
For example, let us say you are relying on a major retailer’s supply chain system for inventory control and tracking. The retailer represents 60% of your annual sales. They have intimate knowledge of all your costs and are squeezing you to cut your overheads further. It almost looks like they have better business intelligence tools than you do. You are uncomfortable with the relationship, but are afraid pulling out will have disastrous effects on your core business and profits. The board is nervous and Wall Street is not treating your stock price kindly. Too many companies are finding themselves in exactly that situation as they find they are required to share more data with their business partners. Yes, there are cost efficiencies to be found by taking this approach, but there is also the substantial risk of loss of control.
Data integrity, security and confidentiality have long relied on a combination of network- and application-based security. As long as the data was secured on local systems using role-based account access combined with strong firewalls, the thinking was that corporate data was well secured. As enterprise architectures get more complex and the supply chain more integrated, the data is increasingly stored in massive data warehouses and SOAs. To add even more complexity, more enterprises are using the cloud as a way to augment their internal systems or to share information with their business partners. Data is increasingly spilling out to the cloud with little or no thought given to the security implications for the enterprise. With the recent news about credit card fraud and identity theft on a massive scale, companies are, and should be, worried about protecting and securing their data.
At the basic level, that means that companies need to understand where their data resides, who is using it, how they are using it and, most importantly, why they are using it. The new distributed architectures raise many security questions for the enterprise, including:
- Just what does data security mean in new contexts where you no longer have full control over the systems?
- How is responsibility for data integrity and confidentiality assured if there are multiple parties involved in the chain of authority?
- Do private clouds avoid or solve the problem, or do they make it more complex to manage as companies increasingly have to interface with business partners and customers on the cloud?
- What types of architectures and mechanisms can be implemented through the systems to assure full data integrity and confidentiality?
- What are the best approaches to protecting the most sensitive data, particularly in the face of increased regulations and audit requirements?
About the Author
Beth Cohen, Luth Computer Specialists, Inc.